Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2795
Views
0
Helpful
2
Replies

Adding a new Identity Cert to FP ASA - Error when importing

lhoyle
Level 1
Level 1

‎03-11-2021 02:05 PM

We are renewing a Digicert Identity certificate, and we get "Error: Import PKCS12 operation failed. Base64 decode failed. Our certificate SME insists the cert is good as he can convert the pfx to a pem (base64). Does anyone have an ideas for me to look at? This is a very new ASA, spun up at the beginning of the pandemic so we would have more seats for our VPN user base.

 

0 Helpful
2 Replies 2

stepay75
Level 1
Level 1

‎10-14-2021 11:44 AM

Did you resolve this issue?  We are seeing the same issue where we are getting the same error message Error: Import PKCS12 operation failed.  We have previously imported certificates in .pfx format fine for ssl VPN. Its come around to renewing the certificate, as it is due to expire soon.  Certificate is from Digicert (Quo Vadis), the ASA in on 9.12.(4)18.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to stepay75

‎10-16-2021 04:17 AM

I am assuming you have done the renewal by creating a CSR, getting it signed by DigiCert, and then importing the certificate to the ASA?

Did you ask for, and receive, the full certificate chain from DigiCert and imported the received root certificate and sub certificate in the the trust store?

This failure most often happens because the root and/or sub certificate of the CA that was used to sign the identity certificate is not imported to the ASA.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card