Cisco Support Community
Community Member

ASA5510 renew SSL certificate (GeoTrust QuickSSL Premium) - Cannot import certificate

Hi,

I am having issues installing a certificate, I get the following error message:

'Cannot import certificate - Certificate does not contain devices general purpose public key for trust point ASDM_TrustPoint4 Error: failed to parse or verify imported certificate'

 

I found this old post but it may apply to me:

https://supportforums.cisco.com/discussion/11479246/installing-certificate-ssl-vpn-asa-5510

 

I tried following these instructions but it fails in step 4:

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO16142&actp=search&viewlocale=en_US&searchid=1398781506734

 

ASA5510 version 8.3

ASDM version 6.3

 

Any advice?

 

Thank you.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Are you sure you generated the CSR from that ASA unit?

It's not part of an HA pair by any chance - that would cause it to not recognize the certificate for import since the key would not match.

Your CSR generation

Your CSR generation parameters should match with CA (Verisign) while generating root, intermediate and SSL certificate. If any parameter misses then it will not take.

Root and Intermediate should be applied together and then the SSL to match the trustpoint you have created.

 

Regards

Karthik

5 REPLIES
Community Member

Marvin,

At this point would it make more sense to generate a new CSR and submit it to GeoTrust?

The CSR was created via ASDM. I found a CSR checker on GeoTrust's website after your comment and it shows one error: I used the state abbreviation.

Thank you.

Hall of Fame Super Silver

I'd go ahead and resubmit the CSR.

I imagine the incorrect state abbreviation could throw off the parser - it's designed to check the certificate structure very very carefully before allowing it to be imported.

Community Member

I will update you with results; hopefully it will go well after that.
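
The key mismatch and the CSR subject problem raised in this thread can both be checked off the ASA before attempting an import. The following is an added example, not part of the original thread: it uses the standard `openssl` CLI on constructed sample files (`asa.csr`, `issued.crt` and `other-unit.crt` are hypothetical names) to compare the public key in a CSR with the one in a certificate and to flag a two-letter ST value. That the CA expects the full state name is an assumption.

```shell
#!/usr/bin/env bash
# Added example: off-box checks on a CSR and the certificate issued for it.
# File names and subject values are constructed samples.

# SHA-256 of the PEM public key in a CSR ($1=req) or certificate ($1=x509).
pubkey_hash() {
  pk_pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pk_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = certificate carries the CSR's public key, 1 = different key, 2 = parse error.
cert_matches_csr() {
  h_csr=$(pubkey_hash req "$1") || return 2
  h_crt=$(pubkey_hash x509 "$2") || return 2
  [ "$h_csr" = "$h_crt" ]
}

# Print the stateOrProvinceName (ST) attribute of the CSR subject.
csr_state() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^ST=//p'
}

# Succeeds if ST is two letters (assumption: the CA expects the full state name).
csr_state_is_abbreviated() { csr_state "$1" | grep -Eq '^[A-Za-z]{2}$'; }

# Constructed samples: a CSR, a cert for its key, and a cert for another key.
make_samples() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/asa.key" -out "$1/asa.csr" \
    -subj "/C=US/ST=CA/O=Example Corp/CN=vpn.example.com" 2>/dev/null
  openssl x509 -req -in "$1/asa.csr" -signkey "$1/asa.key" -days 1 \
    -out "$1/issued.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" -days 1 \
    -out "$1/other-unit.crt" -subj "/C=US/ST=California/CN=vpn.example.com" 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
for crt in issued.crt other-unit.crt; do
  if cert_matches_csr "$dir/asa.csr" "$dir/$crt"; then
    echo "$crt: public key matches the CSR"
  else
    echo "$crt: public key differs from the CSR, or the file did not parse"
  fi
done
if csr_state_is_abbreviated "$dir/asa.csr"; then
  echo "CSR subject has ST=$(csr_state "$dir/asa.csr"), which looks abbreviated"
fi
```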

