Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Error message for Ca help

Hi,

Can anyone advise me on what is the cause of the problem (Manually install 3rd party Vendor for use with WebVPN configuration version 8.0) ?

i have follow the configuration example and found this error message via CLi

Appreciated any kind reply.

FO: Certificate has the following attributes:

Fingerprint: 713cdfee 53530e1e 06fa7a41 b78a7779

Do you accept this certificate? [yes/no]: y

Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA and holds a non self-signed certificate.

Trustpoint 'xx.Entrust.TrustPoint' is a subordinate CA.

but certificate is not a CA certificate.

Manual verification required

Trustpoint CA certificate accepted.

% Certificate successfully imported

PHS-ASA(config)# CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

CRYPTO_PKI: No suitable trustpoints found to validate certificate serial number: 469C84D9, subject name: cn=xxxx.xxxx.com.xx,ou=IT,o=xxxxxxxx,l=xxx,c=xx.

CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

Current Certificate list contents:

Certificate 1:

SERIAL: 469c84d9

ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.net,c=US

CRYPTO_PKI: crypto_process_ra_certs(trust_point=PW.Entrust.TrustPoint)INFO: Certificate has the following attributes:

^

PHS-ASA(config)# ISSUER: cn=Entrust.net Secure Server Certification Authorit$

ISSUER: cn=Entrust.net Secure Server Certification Authority,ou=(c) 1999 Entrust.net Limited,ou=www.entrust.net/CPS incorp. by ref. (limits liab.),o=Entrust.n

et,c=US

1 REPLY
Bronze

Re: Error message for Ca help

If you get a certificate from a trusted 3rd party (i.e. Verisign/Thawte/etc.) to install on the appliance then you shouldn't get the certificate warning pop-ups for anything that's encrypted by the SSL VPN appliance. For some certificates manual install maybe the only way. You need to check with the issuer of certificate for a such problem.

400
Views
0
Helpful
1
Replies
CreatePlease login to create content