Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problems importing SSL certificate to ASA 7.2

Hi all,

I cannot install the SSL certificate we purchased onto my ASA. Here are the messages I'm getting:

Can not select my public key (ssl.key)

Received General Purpose certificate for signature keypair

Do you wish to accept this certificate? [yes/no]: yes

Cannot import certificate -

Certificate does not contain device's General Purpose public key

for trust point ComodoSSL.trustpoint

ERROR: Failed to parse or verify imported certificate

The vendor from which we purchased the cert sends two other certificates with it; one is a Root CA cert and the other an Intermediate CA cert. On my old VPN 3015, I had to install both of these as Certificate Authorities. I can't figure out how to do this on the ASA. I can authenticate my trustpoint using either CA cert, but not add the other. I'm wondering if this is causing the error when importing the SSL cert.

Any help would be appreciated!


- Steve


Re: Problems importing SSL certificate to ASA 7.2

It looks like you don't have the keypair which you used to generate the certificate request saved on the device so when you try to import the device certificate it complains that it doesn't have the keypair associated with the device certificate that you are trying to import.

New Member

Re: Problems importing SSL certificate to ASA 7.2


I opened a ticket with TAC on this. I had generated a "usage" keypair on the ASA, and the vendor seems to have issued me a cert that expected a "general-use" key.

TAC advised me to just generate another general-user keypair and get a new cert, which is what I did. I had no problem that time.


- Steve