cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12993
Views
3
Helpful
3
Replies

Problems importing SSL certificate to ASA 7.2

rstevek
Level 1
Level 1

Hi all,

I cannot install the SSL certificate we purchased onto my ASA. Here are the messages I'm getting:

Can not select my public key (ssl.key)

Received General Purpose certificate for signature keypair

Do you wish to accept this certificate? [yes/no]: yes

Cannot import certificate -

Certificate does not contain device's General Purpose public key

for trust point ComodoSSL.trustpoint

ERROR: Failed to parse or verify imported certificate

The vendor from which we purchased the cert sends two other certificates with it; one is a Root CA cert and the other an Intermediate CA cert. On my old VPN 3015, I had to install both of these as Certificate Authorities. I can't figure out how to do this on the ASA. I can authenticate my trustpoint using either CA cert, but not add the other. I'm wondering if this is causing the error when importing the SSL cert.

Any help would be appreciated!

Thanks,

- Steve

3 Replies 3

amritpatek
Level 6
Level 6

It looks like you don't have the keypair which you used to generate the certificate request saved on the device so when you try to import the device certificate it complains that it doesn't have the keypair associated with the device certificate that you are trying to import.

Hi,

I opened a ticket with TAC on this. I had generated a "usage" keypair on the ASA, and the vendor seems to have issued me a cert that expected a "general-use" key.

TAC advised me to just generate another general-user keypair and get a new cert, which is what I did. I had no problem that time.

Thanks,

- Steve

I have experienced and resolved issues like this.

The solution was to change the key pair to 2048.

And we used CSR generated by ASA when issuing certificates.

I hope my answer will help a lot of you.
Review Cisco Networking for a $25 gift card