Export/Import certificates from ASA to FTD

Chess Norris
Level 4

Hi,

I'm migrating a multi-context ASA with both identity and CA certificates to an FTD and I wonder what would be the best way to export those certificates from the ASA and then import them to an FTD? I have access to both CLI and ASDM on the ASA, but would prefer using the CLI. In ASDM there is an option to export identity certificates, but not the CA certificates, so I guess I need to use a different method for those?

Thanks

/Chess 

6 Replies

@Chess Norris here is a guide to export the ASA certificate to PKCS12 file. On the FTD you just need to import the PKCS12 file.

Chess Norris
Level 4

Thanks for the quick reply. I'll take a look at this guide.

/Chess

Chess Norris
Level 4

@Rob Ingram While I was able to export/import some of the certificates, the one that is currently associated with RA VPN on the ASA fails. When I'm trying to enroll it on FTD, it gives me an error saying "Fail to configure CA certificate".

Using the exact same method I was able to enroll some other identity certificates, so I am not sure why this one fails. How can I troubleshoot this?

Thanks

/Chess


Chess Norris
Level 4

I followed every step in this troubleshooting guide, Troubleshoot Certificate Error "Fail to configure CA certificate" on FMC, but without any luck. I'm still getting the same error when trying to enroll. It's so strange because the same cert works perfectly on the ASA.

/Chess


@Chess Norris what is the difference between the certificate(s) that worked and the one that doesn't? Perhaps a key size not supported on FTD/FMC?

Chess Norris
Level 4
Accepted Solution

I was able to solve the issue by following this guide: AnyConnect (FTD), PKCS12, and OpenSSL

I used OpenSSL to associate the CA chain and created a new PKCS12 file. After doing that, I could enroll the certificate in FMC without any issues.

/Chess
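The fix above, rebuilding the PKCS12 so it carries the CA chain alongside the identity certificate and key, as an added example that is not part of the thread or of Cisco's guide. It builds a throwaway root/issuing-CA/identity PKI so it runs offline; the file names, subjects and passphrase are constructed for the demo, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: rebundle identity cert + key + CA chain into one PKCS12 and
# check the bundle before enrolling it on FMC. Everything below (PKI, file
# names, passphrase) is constructed for the demo; with a real ASA export,
# substitute the exported key, certificate and CA certificates.
set -e
WORK="${WORK:-$(mktemp -d)}"
PASS="demo-password"   # constructed passphrase for the demo bundles

# Throwaway two-tier PKI (root -> issuing CA -> identity cert), offline.
make_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/root.key" \
    -out "$WORK/root.csr" -subj "/CN=Demo Root CA" 2>/dev/null
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
    -extfile "$WORK/ca.ext" -days 30 -out "$WORK/root.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/inter.key" \
    -out "$WORK/inter.csr" -subj "/CN=Demo Issuing CA" 2>/dev/null
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -extfile "$WORK/ca.ext" -days 30 -out "$WORK/inter.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/vpn.key" \
    -out "$WORK/vpn.csr" -subj "/CN=vpn.example.test" 2>/dev/null
  openssl x509 -req -in "$WORK/vpn.csr" -CA "$WORK/inter.crt" -CAkey "$WORK/inter.key" \
    -CAcreateserial -days 30 -out "$WORK/vpn.crt" 2>/dev/null
  # An export carrying only the identity cert and key, with no chain: the
  # kind of bundle that leaves FMC unable to find the issuing CA.
  openssl pkcs12 -export -inkey "$WORK/vpn.key" -in "$WORK/vpn.crt" \
    -out "$WORK/no-chain.p12" -passout "pass:$PASS"
}

# Rebundle identity cert + key + full CA chain into one PKCS12.
rebundle_with_chain() {
  cat "$WORK/inter.crt" "$WORK/root.crt" > "$WORK/chain.pem"
  openssl pkcs12 -export -inkey "$WORK/vpn.key" -in "$WORK/vpn.crt" \
    -certfile "$WORK/chain.pem" -out "$WORK/with-chain.p12" -passout "pass:$PASS"
}

# Number of certificates inside a PKCS12; a chained bundle shows more than 1.
count_certs() {
  openssl pkcs12 -in "$WORK/$1" -nokeys -passin "pass:$PASS" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# Confirm the identity cert really chains to the root via the issuing CA.
verify_chain() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/inter.crt" \
    "$WORK/vpn.crt" >/dev/null
}
```

Run `count_certs` and `verify_chain` on the rebuilt bundle before uploading it; a count of 1 means the chain was never included. If the importing device cannot read a bundle written by OpenSSL 3 (which defaults to AES encryption), re-export with the `-legacy` option.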
