Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA can not import certificate !!

Hi guys,

while installing identity certificate i am getting this error:

"

can not import certificate.

certificate does not contain device general purpose public key for cisco trust point ASA_IDENTITY_TRUSTPOINT

ERROR: failed to parse or verify the imported certificate

"

Attached is the snapshot of the ERROR.

i searched on forum and one solution to this was to put ' ST" in certificate DN. so i did but still same issue.

i have cisco asa 5550 with following configuration. ( and client does not want upgrade)

software version: 8.0.4

3DES-AES : disabled

please come up with some solutions, every suggession is appericiated.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

Cisco ASA can not import certificate !!

Ah didn't notice that in your original post.  That must be enabled. for any type of encryption to work.  It is free (so I am not sure why Cisco doesn't include it when they ship the device) but you need to go to the cisco website and get the license and install it on the ASA.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
5 REPLIES
VIP Green

Cisco ASA can not import certificate !!

It looks like you have not generated a RSA keypair when you generated the CSR.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
New Member

Cisco ASA can not import certificate !!

marius i did, inface i tried generating an other key pair one of size 1024 and other one is of 2048. but with both its not working. I have tried same config in asa 5520 with only difference is in my successful installation asa software version was 8.2.5 and 3DES-AES enabled.

here its not working in 5550 with software version 8.0.4 and 3DES-AES    : Disabled

this is my keypair.

"

Key name: CA-identity-Key

Usage: General Purpose Key

Modulus Size (bits): 1024

Key Data:

  30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00e7aeb8

  42526864 7ab0b380 b4fcaed8 94589efc 8a5ce346 0b8f0c97 4b4b203f c1c00f0d

  dd8afd97 55bba7ac 6dde999d ec85bf0c 3aa4b61d 19033ad8 fa30b200 9c80ff73

  7029747e 4d5e0fb6 e1c25754 631c8d18 d2d83362 28f976ca 2de31dd2 b6873f89

  fbc41cf3 343c726b da65effa 1365c56c 8fdb89b5 dcac3088 2e124475 bb020301 0001

"

VIP Green

Cisco ASA can not import certificate !!

Ah didn't notice that in your original post.  That must be enabled. for any type of encryption to work.  It is free (so I am not sure why Cisco doesn't include it when they ship the device) but you need to go to the cisco website and get the license and install it on the ASA.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
New Member

Cisco ASA can not import certificate !!

if you are sure about it than i will try does it require down time ? I mean reboot after issuing activation-key XXXXXX ?

VIP Green

Cisco ASA can not import certificate !!

A reboot is required after the license installation.

As I mentioned the 3DES-AES license is used for strong encryption.  When generating a keypair, RSA is used which (to my understanding) is part of the strong encryption package.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
436
Views
0
Helpful
5
Replies
CreatePlease login to create content