03-10-2016 11:03 AM - edited 03-12-2019 12:28 AM
Hi,
I am applying a wildcard certificate for the first time, and via the CLI.
I have 3 files with the .pem extension, viz. root cert, intermediate cert and private key, and the password used for importing.
I am following the URL: http://www.cisco.com/c/en/us/support/docs/interfaces-modules/catalyst-6500-series-ssl-services-module/63485-paste-cert-key.html
When creating the trustpoint / importing the certificate, I don't get the "PEM" keyword, so I am unable to proceed. Can someone please help?
I am running an ASA 5510 with Version 9.1(6)
ASA(config-ca-trustpoint)# enrollment terminal ?
crypto-ca-trustpoint mode commands/options:
<cr>
ASA(config)# crypto ca import server-tank.com ?
configure mode commands/options:
certificate Import a certificate from the terminal
pkcs12 Import PKCS12 format from the terminal
Thanks,
Krishna
03-10-2016 12:02 PM
Hi,
You need to convert the certificate to PKCS12 format, which is the one the ASA supports.
With a wildcard certificate, the CA should give you the certificates plus the RSA key pair.
You need to have OpenSSL installed for this process.
Here is the procedure to export a BASE64 to PKCS12:
Step 1
You need to have the PEM certificate that has the Private Key as well as
the Identity cert that CA sent you
Step 2
From the Identity cert that you got from CA, we need to export the
Root, Intermediate and ID and save them as a base64 format
Double click the ID cert and go the details Tab and click
file " follow the wizard and save it
original cert
Go to the "Certification Path" tab and export the Root and intermediate
respectively.
Step 3
You should have the 3 certificates on the same folder, we would need to
create a txt file. Afterwards, open each of the certificates
notepad file(chain.txt) and save it
Step 5
Open the open SSL program and type the
must be
pkcs12 -export -in <notepad file.txt> -inkey <pem file.pemkey> -out <name>.p12
i.e. pkcs12 -export -in chain.txt -inkey ddcvpn001.c-iv.net.pemkey -out id.p12
This would create the
to
base64 -in id.p12 -out id.p12.txt
Step 6
Now you can double click
the ASA
Step 7
On the ASA type:
crypto ca import <name> pkcs12 <password>
Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
Here you can paste in the output of the id.p12.txt file
Then apply the certificate to the interface with the
Regards,
Aditya
Please rate helpful posts.
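The conversion described in the reply above, as an added example that is not part of the original posts: a shell function that confirms the private key matches the identity certificate and that the chain verifies before it builds the PKCS12 file and its base64 text. The function names, the file arguments, the P12_PASS variable and the concatenation order are assumptions, and the private key is assumed to be an unencrypted PEM file.

```bash
# Added example: file names and P12_PASS are placeholders, not values from the thread.
set -eu
umask 077   # files created below (they contain key material) are owner-only

# Hash of the public key held in a certificate ("cert") or a private key ("key").
pub_fp() {
  case $1 in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -pubout ;;
  esac | openssl sha256
}

# make_asa_p12 ID_CERT KEY INTERMEDIATE ROOT OUT_PREFIX
# Writes OUT_PREFIX.p12 and OUT_PREFIX.p12.txt (base64 text for the ASA prompt).
# The export password is read from the environment variable P12_PASS so that
# it is not passed on the openssl command line.
make_asa_p12() {
  : "${P12_PASS:?set P12_PASS to the PKCS12 export password}"
  # 1. The private key must belong to the identity certificate.
  if [ "$(pub_fp cert "$1")" != "$(pub_fp key "$2")" ]; then
    echo "private key does not match identity certificate" >&2
    return 1
  fi
  # 2. The identity certificate must chain to the root via the intermediate.
  openssl verify -CAfile "$4" -untrusted "$3" "$1" >/dev/null || return 1
  # 3. Concatenate the three certificates (order here is an assumption:
  #    identity, intermediate, root) and export them with the key.
  cat "$1" "$3" "$4" > "$5.chain.txt"
  openssl pkcs12 -export -in "$5.chain.txt" -inkey "$2" \
    -out "$5.p12" -passout env:P12_PASS || return 1
  openssl base64 -in "$5.p12" -out "$5.p12.txt" || return 1
  # 4. Read the bundle back with the same password before pasting it anywhere.
  openssl pkcs12 -in "$5.p12" -passin env:P12_PASS -noout
}

# Run only when the script is called with the five arguments.
if [ "$#" -eq 5 ]; then make_asa_p12 "$@"; fi
```

The .p12 and .p12.txt files both contain the private key, so remove them from the workstation once the import on the ASA has succeeded.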
03-13-2016 07:17 AM
Thanks Aditya, I will check this and share the results.
03-13-2016 07:19 AM
Hi,
Great, keep us posted.
Regards,
Aditya
Please rate helpful posts.