https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801393#M1099003 <P>Hi,</P><P>thanks for the fast respond, appreciated.&nbsp; Thought this would be simple where we get the certification from our Domain Controller (ldap server) and import into ASA as a trustpoint, then it threw that error trying install.&nbsp; we have a internal CA server, so can you share how you got your colleague to generated the LDAPS certificate with a shorter expiration date such as 2 years?&nbsp; Does that mean it will that it would need renewal every 2 years?&nbsp; Btw, I'm running asa 9.16.4 on the asa I am testing, but would need to update my live environment ASA from 9.12.4 to 9.16.4 as we have Duo 2FA which they announced recent change to secure LDAPS and their certificate work.&nbsp; Thank you in advance.</P><P>&nbsp;</P> Sat, 25 Mar 2023 21:19:36 GMT joeyx31x13 2023-03-25T21:19:36Z https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4705220#M1094333 <P>We need to import the server certificate to the ASA in order to use LDAPS for VPN authentication.&nbsp; The server certificate has a creation date of 06-06-2021 but an expiration of 06-06-2121.&nbsp; When I attempt to import the certificate into the ASA the creation date looks correct, but the expiration date shows 04-30-1985??</P><P>Cisco Adaptive Security Appliance Software Version 9.16(3)19</P><P>% CA Cert not yet valid or is expired -<BR />start date: 14:05:13 UTC Jun 6 2021<BR />end date: 07:46:57 UTC Apr 30 1985<BR />% Error in saving certificate: status = FAIL</P> Tue, 18 Oct 2022 23:55:02 GMT https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4705220#M1094333 lmqtechnology 2022-10-18T23:55:02Z https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801379#M1099000 <P>Hi</P><P>did you have this resolved as I have the issue as well? Thanks</P> Sat, 25 Mar 2023 19:11:31 GMT https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801379#M1099000 joeyx31x13 2023-03-25T19:11:31Z https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801385#M1099002 <P>Yup, it's an ASA bug whereby it cannot accept certificates that have an expiration date that is too far in the future (the error message is completely misleading).&nbsp; In our case the person who generated the LDAPS certificate gave it an expiration date of 100 years in the future.&nbsp; We simply got them to regenerate the certificate with a shorter expiration date such as 2 years.</P> Sat, 25 Mar 2023 19:51:45 GMT https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801385#M1099002 lmqtechnology 2023-03-25T19:51:45Z https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801393#M1099003 <P>Hi,</P><P>thanks for the fast respond, appreciated.&nbsp; Thought this would be simple where we get the certification from our Domain Controller (ldap server) and import into ASA as a trustpoint, then it threw that error trying install.&nbsp; we have a internal CA server, so can you share how you got your colleague to generated the LDAPS certificate with a shorter expiration date such as 2 years?&nbsp; Does that mean it will that it would need renewal every 2 years?&nbsp; Btw, I'm running asa 9.16.4 on the asa I am testing, but would need to update my live environment ASA from 9.12.4 to 9.16.4 as we have Duo 2FA which they announced recent change to secure LDAPS and their certificate work.&nbsp; Thank you in advance.</P><P>&nbsp;</P> Sat, 25 Mar 2023 21:19:36 GMT https://community.cisco.com/t5/network-security/importing-certificate-for-ldaps/m-p/4801393#M1099003 joeyx31x13 2023-03-25T21:19:36Z