ASA 5505 CSR problem
10-28-2008 04:03 AM - edited 03-11-2019 07:04 AM
Hello,
I'm trying to generate a CSR on an ASA 5505 (ASDM 6.1(1), ASA v8.0(3)) for our new SSL VPN service. I followed the documentation at http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml and submitted the CSR to our third-party vendor GlobalSign.
a few days later the request was rejected due "to the inclusion of an unstructuredName element within the subject of the CSR."
When I generate the CSR (either from the CLI or ASDM), the resulting CSR contains
unstructuredName=IA5STRING:<my_fqdn>
where my_fqdn is the name I used in the CN field.
I tried generating a CSR for the ASA with openssl and submitted that to GlobalSign, which was successful, but I get the error "Certificate does not contain general purpose public key" when I try to install it.
Any ideas or pointers appreciated.
thanks
andy
10-29-2008 07:46 AM
Got this working - I was halfway there. When the original CSR (from the ASA) was rejected by GlobalSign, I generated a CSR using openssl:
openSSL>req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem
When I received the cert from GlobalSign, I combined it with my key:
openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts -passin pass:
Then I went to the ASA and Configuration->Device Management->Certificate Management->Identity Certificates, selected Add and 'import identity certificate from file', and used the output file from the last openssl statement with the password. The cert imported OK.
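
The workflow from the post above, as an added example that is not part of the original thread: it generates the key and CSR non-interactively, confirms the CSR carries no unstructuredName, checks that the certificate matches the private key, and builds a passphrase-protected PKCS#12. The FQDN, passphrase and file names are constructed placeholders, and a self-signed certificate stands in for the one the CA would return.

```shell
#!/bin/sh
# Added example; FQDN, passphrase and file names are constructed placeholders.
umask 077                     # -nodes leaves the private key unencrypted on disk
FQDN="vpn.example.com"
P12_PASS="change-me"
WORK=$(mktemp -d)

make_csr() {
    # -subj sets a CN-only subject and skips the interactive attribute prompts.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$FQDN" \
        -keyout "$WORK/mykey.pem" -out "$WORK/myreq.pem" 2>/dev/null
}

csr_is_clean() {
    # Succeeds only if the decoded CSR mentions unstructuredName nowhere.
    text=$(openssl req -in "$WORK/myreq.pem" -noout -text) || return 1
    ! printf '%s\n' "$text" | grep -qi unstructuredName
}

issue_standin_cert() {
    # Stand-in for the CA-issued certificate: self-sign the CSR for one day.
    openssl x509 -req -in "$WORK/myreq.pem" -signkey "$WORK/mykey.pem" \
        -days 1 -out "$WORK/cert.pem" 2>/dev/null
}

cert_matches_key() {
    # The certificate's public key must equal the one derived from the key file.
    c=$(openssl x509 -in "$WORK/cert.pem" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$WORK/mykey.pem" -pubout) || return 1
    [ "$c" = "$k" ]
}

make_p12() {
    # Bundle certificate and key; the passphrase is asked for again at import.
    openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/mykey.pem" \
        -out "$WORK/identity.p12" -passout "pass:$P12_PASS"
}

p12_holds_key() {
    # Re-open the bundle and confirm its private key matches the certificate.
    k=$(openssl pkcs12 -in "$WORK/identity.p12" -passin "pass:$P12_PASS" \
            -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$WORK/cert.pem" -noout -pubkey)" ]
}

make_csr && csr_is_clean && issue_standin_cert && cert_matches_key \
    && make_p12 && p12_holds_key && echo "PKCS#12 ready: $WORK/identity.p12"
```

With a real CA, replace `issue_standin_cert` with the certificate file the CA returns; the remaining checks apply unchanged.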
