I have tried multiple methods to upload a new wildcard SSL certificate on our ASA without success.
Normally I would generate the CSR from the device itself, and that worked flawlessly over the years. However, this time I was given a wildcard cert with a .pfx extension for multiple devices. I have tried uploading the identity certificate as a .pfx, and converted to a PEM. I have tried building it using the private key and the .crt file with the intermediate using OpenSSL, etc. I have tried through ASDM and the CLI. "debug crypto ca 255" is not of very much help either, nor is Google...
Go to https://www.sslshopper.com/ssl-converter.html and convert your .cer file into .pfx (PKCS12 format) by inputting urdomain.cer, intermediate.cer and the private key (assuming you have downloaded your private keys and certificates, i.e. *.urdomain.com) from godaddy.com.
After you create the .pfx file, in ASDM go to Configuration, Device Management, Certificate Management, CA Certificates; click Add, don't change any defaults, install from file, locate the gd_intermediate.crt file. Once the intermediate cert is loaded, go to Identity Certificates (right below CA Certificates) and do something similar (Add, import from file, choose the .pfx file, and enter the password for the .pfx).
Have been a failure.
I have installed many certs from a csr on the device but never a wildcard generated elsewhere.
Is it possible on a 5510 to install this type? Do I need a rehosted cert? What are the proper steps to obtain a wildcard cert from IIS or a similar server?
Any new information on this subject would be greatly appreciated!
I have the same problem on a 5515-X, and I've tried pretty much the same things. The weird thing for me is that everything worked great until I did an OS upgrade. Back on 8.6.1, my browser successfully verified the certificate on my SSL VPN login page, and AnyConnect never brought up any warning boxes. But after I upgraded to 9.1.3, the box was back to using a self-signed cert. The wildcard identity certificate seems to have just disappeared, though the GoDaddy CA cert and my local CA cert both stayed intact.
I've used OpenSSL to convert and verify my cert file in a number of different ways, but all of my supposedly valid files still get the import operation failed message. So it seems like there was some OS change that suddenly made my wildcard incompatible, but I haven't figured out what it is yet.
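The conversion step discussed in this thread (certificate, intermediate and private key combined into a password-protected .pfx), done locally with OpenSSL and checked before any import attempt. This is an added example, not part of the original posts; the file names, the password and the throwaway certificates for `*.example.test` are constructed.

```shell
#!/bin/sh
set -eu
WORK=$(mktemp -d)
PFX_PASS='constructed-pass'            # constructed sample password

# Constructed stand-ins for gd_intermediate.crt, the wildcard cert and its key.
make_sample_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Sample Intermediate" \
    -keyout "$WORK/ca.key" -out "$WORK/intermediate.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$WORK/wildcard.key" -out "$WORK/wildcard.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/wildcard.csr" -CA "$WORK/intermediate.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 2 -out "$WORK/wildcard.crt" 2>/dev/null
}

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Bundle key + identity cert + intermediate into a password-protected PKCS#12.
build_pfx() {
  key_matches_cert "$WORK/wildcard.key" "$WORK/wildcard.crt" || return 1
  openssl pkcs12 -export -inkey "$WORK/wildcard.key" -in "$WORK/wildcard.crt" \
    -certfile "$WORK/intermediate.crt" -name wildcard \
    -passout "pass:$PFX_PASS" -out "$WORK/wildcard.pfx"
}

# Number of certificates inside the bundle (identity + intermediate = 2).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the key stored in the bundle ($1) matches the certificate ($2).
pfx_key_matches_cert() {
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nocerts -nodes 2>/dev/null > "$WORK/from_pfx.key"
  key_matches_cert "$WORK/from_pfx.key" "$2"
}

make_sample_files
build_pfx
echo "certs in bundle: $(pfx_cert_count "$WORK/wildcard.pfx")"
pfx_key_matches_cert "$WORK/wildcard.pfx" "$WORK/wildcard.crt" && echo "key in bundle matches certificate"
```

With real files, skip `make_sample_files` and point the paths at the issued certificate, the intermediate and the private key.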