VPN SSL Certificate error when installing

Unanswered Question
Apr 28th, 2010

Hi,

For VPN SSL connections, I'd like to authenticate the ASA server with an internal Windows PKI.

I successfully added a Root CA with the associated Trustpoint name "ASDM_TrustPoint0" (by default).

Next, I want to install an Identity Certificate. In Certificate Management > Identity Certificates, I used the same TrustPoint Name as with the CA (ASDM_TrustPoint0).

I correctly filled the CN value and the FQDN (in Advanced Tab).

But when I click on "Add Certificate", I have the error "Enrollment terminal. Trustpoint enrollment cannot be changed for an authenticated trustpoint".

Snap1.jpg

According to the book Cisco ASA All-in-One, the error can be ignored so I proceeded.

The certificate is now in Pending State but when installing it,

Snap2.jpg

I did a test. I installed the Root CA on my personal computer, then I clicked on the identity certificate .cer file received. No authentication possible to a known Root CA.

Did I do something wrong with the TrustPoint Name?

Thanks

Herve
