
ASA 5505 CSR problem

andrewswanson
Level 7

hello

i'm trying to generate a csr on an ASA 5505 (ASDM 6.1(1) ASA v8.0(3)) for our new SSL VPN service. i followed the documentation at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml and submitted the csr to our 3rd party vendor Globalsign.

a few days later the request was rejected due "to the inclusion of an unstructuredName element within the subject of the CSR."

when i generate the csr (either from cli or asdm), the resultant csr contains

unstructuredName=IA5STRING:<my_fqdn>

where my_fqdn is the name i used in the CN field.

i tried generating a csr for the asa with openssl and submitted that to globalsign, which was successful, but i get the error "Certificate does not contain general purpose public key" when i try to install it.

any ideas or pointers appreciated.

thanks

andy

1 Reply

andrewswanson
Level 7

got this working - i was halfway there. when the original csr (from the asa) was rejected by globalsign, i generated a csr using openssl:

OpenSSL> req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

when i received the cert from globalsign i combined it with my key:

OpenSSL> pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts -passin pass: -passout pass:

then went to ASA and Configuration->Device Management->Certificate Management->Identity Certificates. selected Add and 'import identity certificate from file' - used output file from last openssl statement with password and cert imported ok
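
Added example, not part of the original posts: two checks around the openssl workflow in the reply above, one on the CSR subject before it goes to the CA and one that the issued certificate matches the private key before the PKCS#12 bundle is built. The function names, file names and the `-subj` value are assumptions; `-subj` is used here so the request is created without interactive prompts.

```shell
#!/bin/sh
# Added example: function names and file names are placeholders.

# Create a 2048-bit RSA key and a CSR with an explicit subject, so the
# subject contains only the fields listed (no unstructuredName).
# usage: make_csr <subject> <key-out> <csr-out>
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$1" \
        -keyout "$2" -out "$3" 2>/dev/null
}

# Pre-submission check: the CSR self-signature must verify and the subject
# must not carry unstructuredName (the rejection reason quoted in the thread).
# usage: csr_ok_for_ca <csr>
csr_ok_for_ca() {
    # Older openssl builds exit 0 even on a bad signature, so match the text.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    ! openssl req -in "$1" -noout -subject 2>/dev/null | grep -qi 'unstructuredName'
}

# Pre-import check: the certificate and the private key must share the same
# public key, otherwise the PKCS#12 bundle is useless on the device.
# usage: cert_matches_key <cert> <key>
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Typical order (file names as in the reply above):
#   make_csr "/CN=vpn.example.com" mykey.pem myreq.pem
#   csr_ok_for_ca myreq.pem        && echo "CSR subject is clean"
#   cert_matches_key CA.pem mykey.pem && echo "safe to run pkcs12 -export"
```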
