Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA 5505 CSR problem

hello

i'm trying to generate a csr on an ASA 5505 (ASDM 6.1(1) ASA v8.0(3)) for our new SSL VPN service. i followed the documentation at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml and submitted the csr to our 3rd party vendor Globalsign.

a few days later the request was rejected due "to the inclusion of an unstructuredName element within the subject of the CSR."

when i generate the csr (either from cli or asdm), the resultant csr contains

unstructuredName=IA5STRING:<my_fqdn>

where my_fqdn is the name i used in the CN field.

i tried generating a csr for the asa with openssl and submitted that to globalsign which was successful but get the error "Certificate does not contain general purpose public key" when i try to install it.

any ideas or pointers appreciated.

thanks

andy

1 REPLY

Re: ASA 5505 CSR problem

got this working - i was half way there. when the original csr (from the asa) was rejected by globalsign i generated a csr using openssl:

openSSL>req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

when i received the cert from globalsign i combined it with my key:

openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts -passin pass: -passout pass:

then went to ASA and Configuration->Device Management->Certificate Management->Identity Certificates. selected Add and 'import identity certificate form file' - used output file from last openssl statement with password and cert imported ok

1678
Views
0
Helpful
1
Replies