cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
25719
Views
0
Helpful
2
Replies

How to place the certificate in Trusted Root Certification Authorities store in ASA

eigrpy
Level 4
Level 4

Hi I created a certificate by ASDM wizard. I got the certificate detail, Please see screenshot in attachment, which says:

"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

My question is how to place the certificate in Trusted Root Certification Authorities store in order for This CA Root certificate is not trusted is trusted ?

Can we say Trustpoint is Trusted Root Certification Authorities store?

Thank you

2 Replies 2

Hi showipospf!

 

You can go to: 

Configuration -> Device Management -> Certificate Management -> CA Certificates

There, you can add the CA Root certificate. This one is usually  included in the package sent by the 3rd party Certificate Authority.

 

 

- Cesar. 

Marvin Rhoads
Hall of Fame
Hall of Fame

In your case the screenshot is from a client. Presumably they are connecting to as ASA (at 12.1.1.1) that uses a self-signed certificate.

So the "Trusted Root Certification Authorities store" here is on the client PC. To avoid that message, the certificate must be imported locally on the PC and you must override the default selection to tell Windows to not simply trust the certificate but to trust the issuer as a certification authority.

The easiest way to do that is to browse to the ASA via https. Use your browser tools to copy the certificate locally to your PC. Right click on that downloaded file and "Install Certificate". the Certificate Import Wizard will popup. Follow the prompts making sure to choose the right store (screenshot below).

Once you're done, you can inspect the updated store if you like by using the certmgr.msc MMC plug-in for certificate management.

Review Cisco Networking for a $25 gift card