12-22-2020 08:19 AM
Hi,
I'm using Cisco Firepower Management Center 1000 version 6.3.0.2. I tried to renew the HTTPS-Certificate under System -> Configuration -> HTTPS Certificate. I generated a new certificate with our CA and later I tried to import the new certificate. But I got an error (Invalid certificate).
My CA requires a SAN attribute, but the CNAME attribute is optional. FMC's CSRs do not support the SAN attribute out of the box. Is there a solution to this problem?
12-22-2020 08:42 AM
Create your CSR separately from FMC using openssl or something like XCA (Windows freeware). Submit it to the CA and get the signed certificate. Then import the signed certificate and private key into FMC.
12-22-2020 09:42 AM
I have already issued the certificate directly on our CA (Unipass). I tried to import the separate keys (public, private, chain) without success. What's the advantage of creating a CSR using openssl versus importing a signed certificate?
Our CA does not support other templates.
12-22-2020 10:08 AM
When you generate a CSR using a tool such as I suggested, you have complete control over which fields are included (SAN, CN etc.). That way you can include both the SAN that your CA requires as well as the CN which FMC requires.
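
The approach described in the replies above, as an added example that is not part of the original thread: generate the key and CSR with openssl so the request carries both a CN and a SAN, then check the CSR before submitting it to the CA. The hostname `fmc.example.com`, the organization name and the file names are constructed placeholders.

```shell
# Added example. fmc.example.com, "Example Org" and the file names are
# constructed placeholders; substitute your own values.

# make_csr <fqdn> <outdir>: new RSA key plus a CSR carrying both CN and SAN
make_csr() {
  mkdir -p "$2" || return 1
  cat > "$2/csr.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
O  = Example Org
CN = $1

[ v3_req ]
subjectAltName = DNS:$1
EOF
  # -nodes leaves the key unencrypted, so create it owner-readable only
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
      -config "$2/csr.cnf" -keyout "$2/fmc.key" -out "$2/fmc.csr" 2>/dev/null )
}

# csr_has_cn_and_san <csr> <fqdn>: succeeds only if both fields are present
csr_has_cn_and_san() {
  csr_text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
  printf '%s\n' "$csr_text" | grep -Eq "CN ?= ?$2" || return 1
  printf '%s\n' "$csr_text" | grep -q "DNS:$2"
}

# pubkey_fp key|csr|cert <file>: digest of the public key, to confirm that
# the private key, the CSR and the signed certificate all belong together
pubkey_fp() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    *)    return 1 ;;
  esac | openssl sha256
}
```

Once the CA returns the signed certificate, `pubkey_fp cert <file>` should print the same digest as `pubkey_fp key fmc.key` before the pair is imported.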