05-20-2019 02:32 PM - edited 02-21-2020 09:09 AM
I recently uploaded an SSL cert to our FMC to apply to a RA VPN and received the error below. Is this expected when uploading a PKCS file?
05-20-2019 02:40 PM
05-21-2019 09:30 AM
I followed your instruction and uploaded the Root cert. The error is still showing. Does the PKCS12 file need to be removed and re-added?
05-21-2019 01:00 PM
05-22-2019 11:49 AM
I included the root cert, the signed CA, and the private key.
05-22-2019 12:13 PM
If it is a multiple chain cert with Root and Sub CAs, try only adding the identity and immediate sub CA to the pkcs12 file. For example, if the chain is like this:
RootCA---> SubCA1---->SubCA2---->Identity Cert
Only add the SubCA2, identity cert and private key to the p12 file and test.
Also, to troubleshoot, run the following debugs on the diagnostic CLI when importing it via the FMC:
debug crypto ca 255
debug crypto ca messages 255
debug crypto transactions 255
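The bundle described in the reply above (identity cert, its private key, and only the immediate issuing CA), built and checked with openssl. This is an added example, not part of the original posts; the lab chain, file names and password are constructed placeholders.

```shell
#!/bin/sh
# Added example: lab-only chain; every name and the password are constructed.
set -eu
P12_PASS='lab-only-pass'   # placeholder, not a real secret

# new_key_csr NAME: fresh RSA key plus a CSR with CN=NAME
new_key_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# sign NAME ISSUER EXTFILE: ISSUER signs NAME's CSR with the given extensions
sign() {
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 30 -extfile "$3" -out "$1.crt" 2>/dev/null
}

# build_lab_chain DIR: RootCA -> SubCA1 -> SubCA2 -> vpn (identity cert)
build_lab_chain() (
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > leaf.ext
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=RootCA" -days 30 \
    -keyout RootCA.key -out RootCA.crt 2>/dev/null
  new_key_csr SubCA1; sign SubCA1 RootCA ca.ext
  new_key_csr SubCA2; sign SubCA2 SubCA1 ca.ext
  new_key_csr vpn;    sign vpn    SubCA2 leaf.ext
)

# make_p12 DIR: identity cert + its key + immediate issuer (SubCA2) only
make_p12() (
  cd "$1"
  openssl pkcs12 -export -name vpn -inkey vpn.key -in vpn.crt \
    -certfile SubCA2.crt -passout "pass:$P12_PASS" -out vpn.p12
)

# p12_certs FILE: dump the certificates (no keys) held in the bundle
p12_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$P12_PASS" 2>/dev/null
}

# p12_cert_count FILE: number of certificates in the bundle
p12_cert_count() { p12_certs "$1" | grep -c 'BEGIN CERTIFICATE'; }

work=$(mktemp -d)
build_lab_chain "$work"
make_p12 "$work"
echo "certificates in vpn.p12: $(p12_cert_count "$work/vpn.p12")"
p12_certs "$work/vpn.p12" | grep -E '^(subject|issuer)'
rm -rf "$work"
```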
05-22-2019 02:06 PM
I uploaded only the SubCA, the identity cert, and the private key and received the same error. I ran the debugs but didn't receive anything during the upload.
05-22-2019 02:07 PM - edited 05-23-2019 11:40 AM
Uploading only the Sub-CA, Private Key, and Identity cert to the PKCS file resolved the issue. Any reason why it would cause a problem to keep the root cert in the file?