
Apply wildcard certificate to AnyConnect VPN

krishnadig
Level 1

Hi,

I am applying a wildcard certificate for the first time + via CLI.

I have 3 files with .pem extension viz root cert, intermediate cert and private key. And the password used for importing.

I am following the URL:  http://www.cisco.com/c/en/us/support/docs/interfaces-modules/catalyst-6500-series-ssl-services-module/63485-paste-cert-key.html

When creating trustpoint / importing certificate, I don't get the "PEM" keyword. So unable to proceed, can someone please help?

I am running an ASA 5510 with Version 9.1(6)

ASA(config-ca-trustpoint)# enrollment terminal ?

crypto-ca-trustpoint mode commands/options:
<cr>

ASA(config)# crypto ca import server-tank.com ?

configure mode commands/options:
certificate Import a certificate from the terminal
pkcs12 Import PKCS12 format from the terminal

Thanks,

Krishna

1 Accepted Solution

Accepted Solutions

Hi,

Great keep us posted.

Regards,

Aditya

Please rate helpful posts.


3 Replies

Aditya Ganjoo
Cisco Employee

Hi,

You need to convert the certificate to PKCS12 format, which is the one the ASA supports.
With a wildcard certificate, the CA should give you the certificates plus the RSA key pair.

You need to have OpenSSL installed for this process.

Here is the procedure to export a BASE64 to PKCS12:

Step 1

You need to have the PEM certificate that has the Private Key as well as
the Identity cert that CA sent you

Step 2

From the Identity cert that you got from CA, we need to export the
Root, Intermediate and ID and save them as a base64 format

Double click the ID cert, go to the Details tab and click "Copy to
File", follow the wizard and save it in the same folder where you have the
original cert

Go to the "Certification Path" tab and export the Root and intermediate
respectively.

Step 3

You should have the 3 certificates in the same folder, we would need to
create a txt file. Afterwards, open each of the certificates
(root, intermediate, identity) with Notepad and paste them into the new
Notepad file (chain.txt) and save it

Step 5

Open the OpenSSL program and type the following. Note the OpenSSL program
must be in the same folder

pkcs12 -export -in <notepad file.txt> -inkey <pem file.pemkey> -out <name>.p12

i.e. pkcs12 -export -in chain.txt -inkey ddcvpn001.c-iv.net.pemkey -out id.p12

This would create the pkcs file in binary format but we need to convert this
to txt to be imported to the ASA

base64 -in id.p12 -out id.p12.txt

Step 6

Now you can double click the id.p12.txt file and copy the output into
the ASA

Step 7

On the ASA type:

crypto ca import <name> pkcs12 <password>

Enter the base 64 encoded pkcs12.

End with the word "quit" on a line by itself:

Here you can paste in the output of the id.p12.txt file

Then apply the certificate to the interface with the command:

ssl trust-point <name> outside

Regards,

Aditya

Please rate helpful posts.
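
The steps in the reply above, run non-interactively from a shell, as an added example that is not part of the original thread. The function names, file names, the P12_PASS variable and the throwaway test CA are assumptions constructed for illustration; the script also checks that the private key matches the identity certificate before bundling and that the bundle opens with the password before it is pasted into the ASA.

```shell
#!/bin/sh
# Added example, not from the thread. File names and P12_PASS are assumptions.

# Succeeds only if the private key belongs to the identity certificate.
key_matches_cert() {  # key_matches_cert <id-cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle identity cert + key + CA certs, then base64-encode for pasting.
# The export password is read from the exported P12_PASS variable so it does
# not appear on the command line (process list, shell history).
build_asa_pkcs12() {  # build_asa_pkcs12 <id-cert.pem> <key.pem> <ca-certs.pem> <out-prefix>
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cat "$3" "$1" > "$4.chain.txt" || return 1   # same role as chain.txt in the reply
    openssl pkcs12 -export -in "$4.chain.txt" -inkey "$2" \
        -out "$4.p12" -passout env:P12_PASS || return 1
    # Round-trip check: the bundle must open with the password and hold a key.
    openssl pkcs12 -in "$4.p12" -passin env:P12_PASS -nodes 2>/dev/null \
        | grep -q "PRIVATE KEY" || return 1
    openssl base64 -in "$4.p12" -out "$4.p12.txt"
}

# Constructed test material: a throwaway CA and a wildcard cert it signs.
make_sample() {  # make_sample <dir>
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Constructed Test CA" -days 2 &&
      openssl req -newkey rsa:2048 -nodes -keyout id.key -out id.csr \
          -subj "/CN=*.example.test" &&
      openssl x509 -req -in id.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out id.pem -days 1 ) >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || return 1
    P12_PASS="constructed-demo-password"; export P12_PASS
    build_asa_pkcs12 "$d/id.pem" "$d/id.key" "$d/ca.pem" "$d/id" || return 1
    echo "paste $d/id.p12.txt after: crypto ca import <name> pkcs12 <password>"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the files produced from the constructed test CA; with real files, delete the `.p12`, `.p12.txt` and private key copies from the workstation once the import has succeeded.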

Thanks Aditya, I will check this and share the results. 

