I am having some problem to install the 3rd Party Vendor Certificate.
I can successfully installed the certificate one year ago, but recently I have to renew the certificate ( entrust) and have to reinstall it. I used the same steps as before when I first installed the certificate one year ago. (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml#step2)
The steps I have done are as follows:
1) Generate a Public Key e.g. ABCkey
asa(config)# crypto key generate rsa label ABCkey modulus 1024
INFO: The name for the keys will be: ABCkey
Keypair generation process begin. Please wait...
2) Create trust point:
asa(config)# crypto ca trustpoint ABCtrustpoint
asa(config-ca-trustpoint)# subject-name cn=www.abc.com.au,ou=IT-UC,o=ABC Limited,l=Australia,c=AU
asa(config-ca-trustpoint)# keypair entrust.key
asa(config-ca-trustpoint)# enrollment terminal
asa(config)# crypto ca enroll entrust
% Start certificate enrollment .
After that it has generate a CSR and I have sent it to Entrust to get a certificate
3) Install certificate:
asa(config)# crypto ca import ABCtrustpoint certificate
the error message is:
Cannot import certificate -
Certificate does not contain device's General Purpose public key
for trust point entrust
ERROR: Failed to parse or verify imported certificate
4) I have made sure the public key is there
show crypto key mypubkey rsa
Do I have to uninstall all the old certificate before I can renew my certificate? if so, how can I uninstall it via command line?