04-29-2014 10:11 AM - edited 03-12-2019 06:06 PM
Hi,
I am having issues installing a certificate, I get the following error message:
'Cannot import certificate - Certificate does not contain devices general purpose public key for trust point ASDM_TrustPoint4 Error: failed to parse or verify imported certificate'
I found this old post but it may apply to me:
https://supportforums.cisco.com/discussion/11479246/installing-certificate-ssl-vpn-asa-5510
I tried following this instructions but it fail in step 4:
ASA5510 version 8.3
ASDM version 6.3
Any advice?
Thank you.
Solved! Go to Solution.
04-29-2014 11:14 AM
Are you sure you generated the CSR from that ASA unit?
It's not part of an HA pair by any chance - that would cause it to not recognize the certificate for import since the key would not match.
04-30-2014 04:11 AM
Your CSR generation parameters should match with CA (Verisign) while generating root, intermediate and ssl certficate. If any parameter misses then it will not take.
Root and Intermediate should be applied together and then the SSL to match the trustpoint you have created.
Regards
Karthik
04-29-2014 11:14 AM
Are you sure you generated the CSR from that ASA unit?
It's not part of an HA pair by any chance - that would cause it to not recognize the certificate for import since the key would not match.
04-29-2014 12:21 PM
Marvin,
At this point would it make more sense to generate a new CSR and submitted to GeoTrust?
The CSR was created via ASDM. I found a CSR checker in GeoTrust's website after your comment and it shows one error, I used the state abbreviation.
Thank you.
04-29-2014 12:26 PM
I'd go ahead and resubmit the CSR.
I imagine the incorrect state abbreviation could throw off the parser - it's designed to check the certificate structure very very carefully before allowing it to be imported.
04-29-2014 12:46 PM
I will update you will results, hopefully it will go well after that.
04-30-2014 04:11 AM
Your CSR generation parameters should match with CA (Verisign) while generating root, intermediate and ssl certficate. If any parameter misses then it will not take.
Root and Intermediate should be applied together and then the SSL to match the trustpoint you have created.
Regards
Karthik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide