Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2532
Views
0
Helpful
1
Replies

Importing P12 or PEM Cert to ASA 9.14.x

fatalXerror
Level 5
Level 5

‎03-29-2022 08:11 AM

Hi Guys,

Really need your help.

I generated a CSR using my OpenSSL tool outside the ASA, this CSR is SHA256withRSAencryption as shown below,

 

Attributes:
challengePassword : <output-omitted>
Requested Extensions:
Signature Algorithm: sha256WithRSAEncryption
Signature Value:

<output-omitted>

 

Now, I got the certificate already and I tried to bundle it (cert key, identity cert, ica cert, and rca cert) to pfx then convert it to base64 (p12 or pem), I followed this procedure below:

 

1. http://www.labminutes.com/blog/public/2014/06/wildcard-certificate-generation-asa

2. https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html#anc7

 

Now I got the base64 format, when I am trying to import it either via ASDM or CLI, I always got an error stating "ERROR: Import PKCS12 operation failed". I tried to debug but nothing is showing significant output.

 

Anybody encountered this issue? Does ASA 9.14.x.x only supports SHA1 RSA signature?

 

Thanks for the help. 

 

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎03-29-2022 12:19 PM

follow the below thread :

 

https://community.cisco.com/t5/vpn/cannot-import-wildcard-cert-on-asa/td-p/2604483

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card