I am doing some lab work with PIX version 7.22 and wildcard certificates. I have installed a certificate on a Microsoft IIS server and then exported this as a .pfx file. I have then converted this file to a PKCS12 formatted .pem file using openssl.
If I import this file onto an ACS server, everything is fine and the certificate is installed; however, if I try to import the PKCS12 file to a PIX running version 7.22 using the command CRYPTO CA IMPORT TEST.COM PKCS12 PASSWORD and then paste the PKCS12 text into the console, I get the following message - ERROR: Unable to convert the base 64 encoded pkcs12.
If I edit the PKCS12 file and only keep the entries between the dashed lines I get this message - ERROR: Import PKCS12 operation failed.
If I copy the .pfx file that I exported from the IIS server onto the flash card of a 2600 router and enter the command CRYPTO CA IMPORT *.TEST.COM PKCS12 FLASH:PKCS12.pfx PASSWORD the import works. If I try to cut and paste the PKCS12 text using the command CRYPTO CA IMPORT *.TEST.COM PKCS12 TERMINAL PASSWORD it fails.
Unfortunately the PIX doesn't appear to have the ability to import from a .pfx file.
I have even tried the ASDM on the PIX but it still doesn't work.
Can anyone help me to import this certificate?
I have searched the net to see if I need to format the file in some way or change the conversion but I can't find anything.
I know the PKCS12 file is OK because the ACS server imports it without a problem, and I know the .pfx is OK because the router imports it without a problem.