I created a CSR using the web GUI and got a signed cert back from Thawte. When I try and go through the bind operation via the web GUI I get the following message:
Certificate Validation Error: 'Unable to Parse Certificate'.
All I can find in the logs is the following (acsmanagement log):
Jun 09 2010 15:42:49 com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1237) FATAL http-443-5 Acs.MGMT.GUI Unable to parse certificate
com.cisco.nm.acs.mgmt.bl.framework.exceptions.CertificateException: Unable to parse certificate
    at com.cisco.nm.acs.mgmt.bl.framework.certificate.CertificateHandler.populateCertFields(CertificateHandler.java:393)
    at com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1211)
    at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.onBindCert(ACSCertificateStoreLPInputAction.java:602)
    at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.bindCert(ACSCertificateStoreLPInputAction.java:527)
Our client insisted they generate their own certificates (we hand them a CSR, they come back with a certificate). The cert they were sending back was chained, PKCS#7 according to them.
Apparently the ACS doesn't like those. I requested an unchained X.509 cert from them and it went through without a hitch. Generating a CSR and joining it with a private key doesn't take much more than two clicks; it's fantastic.
Though administrative/management error handling and documentation on the 5.1 could use some work, I'm deeply in love with the platform.
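
The fix described in the reply above (giving ACS a single X.509 certificate rather than the chained PKCS#7 reply) can be checked and carried out locally with the standard `openssl` CLI. This is an added example, not part of the original posts or Cisco's tooling; the function names and file arguments are assumptions for illustration.

```sh
#!/bin/sh
# Added example: classify a CA reply and, when it is a PKCS#7 chain,
# extract the single certificate that matches our CSR's public key.
# File names are supplied by the caller; nothing here is ACS-specific.

# Print "x509", "pkcs7" or "unknown" for FILE (PEM or DER encoded).
cert_format() (
  for form in PEM DER; do
    if openssl x509 -in "$1" -inform "$form" -noout 2>/dev/null; then
      echo x509; return
    fi
    if openssl pkcs7 -in "$1" -inform "$form" -noout 2>/dev/null; then
      echo pkcs7; return
    fi
  done
  echo unknown
)

# extract_leaf BUNDLE CSR OUT: write the matching cert to OUT as PEM X.509.
extract_leaf() (
  want=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$want" ] || return 2            # CSR unreadable
  tmp=$(mktemp -d) || return 2
  for form in PEM DER; do
    openssl pkcs7 -in "$1" -inform "$form" -print_certs 2>/dev/null && break
  done | awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
    on { print > (d "/" n ".pem") }
    /-----END CERTIFICATE-----/   { on = 0; close(d "/" n ".pem") }'
  rc=1                                   # 1 = no certificate matched the CSR
  for c in "$tmp"/*.pem; do
    [ -e "$c" ] || continue
    if [ "$(openssl x509 -in "$c" -noout -pubkey)" = "$want" ]; then
      openssl x509 -in "$c" -out "$3" && rc=0
      break
    fi
  done
  rm -rf "$tmp"
  return "$rc"
)

# Stand-alone use: sh script.sh reply.p7b request.csr leaf.pem
if [ "$#" -eq 3 ]; then
  echo "reply format: $(cert_format "$1")"
  extract_leaf "$1" "$2" "$3" && echo "wrote $3"
fi
```

Matching on the CSR's public key rather than on position in the bundle avoids binding an intermediate or root certificate by mistake, since PKCS#7 does not guarantee certificate order.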