ASA 5505 CSR problem

Unanswered Question
Oct 28th, 2008
User Badges:
  • Silver, 250 points or more


i'm trying to generate a csr on an ASA 5505 (ASDM 6.1(1) ASA v8.0(3)) for our new SSL VPN service. i followed the documentation at and submitted the csr to our 3rd party vendor Globalsign.

a few days later the request was rejected due "to the inclusion of an unstructuredName element within the subject of the CSR."

when i generate the csr (either from cli or asdm), the resultant csr contains


where my_fqdn is the name i used in the CN field.

i tried generating a csr for the asa with openssl and submitted that to globalsign which was successful but get the error "Certificate does not contain general purpose public key" when i try to install it.

any ideas or pointers appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andrewswanson Wed, 10/29/2008 - 07:46
User Badges:
  • Silver, 250 points or more

got this working - i was half way there. when the original csr (from the asa) was rejected by globalsign i generated a csr using openssl:

openSSL>req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

when i received the cert from globalsign i combined it with my key:

openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts -passin pass: -passout pass:

then went to ASA and Configuration->Device Management->Certificate Management->Identity Certificates. selected Add and 'import identity certificate form file' - used output file from last openssl statement with password and cert imported ok


This Discussion