ASA and importing Certificates using MANUAL

Unanswered Question
Apr 15th, 2008
User Badges:

Hello, can someone help with this ASa certificate stuff, as its driving me nuts!


I've generated a key pair, (using the defaults)

Added a trustpoint using 'MANUAL' with the 'enroll terminal' command, as there is no path to a 3rd Party CA

Configured my trustpoint editing all the information

Enrolled my trustpoint, then emailed the output request for a certificate from Verisign

Got 2 certificates from Versign, authenticated the first, the CA certificate (or root or intermediate CA) into ASA ok

using 'crypto ca authenticate MANUAL'


Tried to add the identity certificate

using 'crypto ca import MANUAL certificate'


but after pasting get the message


Cannot import certificate -

Certificate does not contain device's General Purpose public key

for trustbpoint MANUAL

ERROR: Failed to parse or verify imported certificate



I'm using ASDM version 6.0(3) ASA5520 version 8.03()


I've tried the ASDM bt cant even find the key generation drop down or trustpoint as in earlier versions of ASDM?


Have I got this all wrong? any help appreciated


Regards Tony

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Mon, 04/21/2008 - 11:24
User Badges:

The following steps are required to import certificate to ASA.


1. Create a trustpoint. Properties > Certificate > Trustpoint > Configuration.


2. Obtain the root certificate from Verisign. Verisign should already have provided this for you.

Navigate to Properties > Certificate > Authentication.

- Select the trustpoint you just created

You can either import the certificate from a file or cut and paste the Verisign Root cert.


3. Generate a CSR to obtain an ID cert from Verisign.

Navigate to Properties > Certificate > Enrollment.

Select your trustpoint.

Click on Enroll. This will create a CSR which you will send to verisign, who will issue you an ID cert.


4. Import certifcate

Navigate to Properties > Certificate > Import Certificate.

- Select your trustpoint.

Import the certificate issued to you by Verisign either by uploading the file or cut and paste.


5. Apply the certificate to a specific interface (likely your outside interface)

Navigate to Properties > SSL.

At the bottom half, select the interface. Click Edit.

Select your trustpoint.

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/certs.html

Actions

This Discussion