Problems importing SSL certificate to ASA 7.2

Unanswered Question
Jan 8th, 2008

Hi all,

I cannot install the SSL certificate we purchased onto my ASA. Here are the messages I'm getting:

Can not select my public key (ssl.key)

Received General Purpose certificate for signature keypair

Do you wish to accept this certificate? [yes/no]: yes

Cannot import certificate -

Certificate does not contain device's General Purpose public key

for trust point ComodoSSL.trustpoint

ERROR: Failed to parse or verify imported certificate

The vendor from which we purchased the cert sends two other certificates with it; one is a Root CA cert and the other an Intermediate CA cert. On my old VPN 3015, I had to install both of these as Certificate Authorities. I can't figure out how to do this on the ASA. I can authenticate my trustpoint using either CA cert, but not add the other. I'm wondering if this is causing the error when importing the SSL cert.

Any help would be appreciated!

Thanks,

- Steve

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
amritpatek Mon, 01/14/2008 - 13:21

It looks like you don't have the keypair which you used to generate the certificate request saved on the device so when you try to import the device certificate it complains that it doesn't have the keypair associated with the device certificate that you are trying to import.

rstevek Mon, 01/14/2008 - 13:43

Hi,

I opened a ticket with TAC on this. I had generated a "usage" keypair on the ASA, and the vendor seems to have issued me a cert that expected a "general-use" key.

TAC advised me to just generate another general-user keypair and get a new cert, which is what I did. I had no problem that time.

Thanks,

- Steve

Actions

This Discussion