cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

557
Views
0
Helpful
2
Replies
chris.perez86
Beginner

Wildcard SSL unable to install on ASA 5510

Hello Community,

 

I have never worked with a ASA firewall server or SSL certification installation. I have spent a great deal of time reading and watching related content. 

 

First, I do not have access to the appliance and I have to work with an engineer to access and install on the ASA 5510. The engineer has generated a CSR from the ASA 5510 under Certificate Management > Identity Certificates. I have submitted the CSR to the SSL company. The CSR was received, validated, and a Zip file with three CRT files was downloaded. I provided the engineer with the Zip file, he extracted the three CRT files but states he cannot install them. The engineer has provided a screenshot of the ASA pop-up window and it requires an "identity certificate from a file (PKCS12 format with Certificate(s)+Private Key)." 

 

I am stuck. I have re-issued the SSL certificate from my SSL company three times and the engineer states they are unable to install the certificates because the certificates do not meet the criteria. I watched the engineer, under Certificate Management > Identity Certificates > Install button on pending certificate, copy-paste the CRT file contents into the textbox and click install certificate. The results are an error (apologizes, I did not note the error message). I would love some feedback, advice, anything.

 

Thank you for your time. 

1 ACCEPTED SOLUTION

Accepted Solutions
Marvin Rhoads
VIP Community Legend

The error message shown would be if you were trying to import a certificate where the CSR was not generated on the ASA itself.

If you install onto a pending certificate (i.e., where you have already created the CSR), the ASA won't require the private key since it is already on the appliance.

View solution in original post

2 REPLIES 2
Marvin Rhoads
VIP Community Legend

The error message shown would be if you were trying to import a certificate where the CSR was not generated on the ASA itself.

If you install onto a pending certificate (i.e., where you have already created the CSR), the ASA won't require the private key since it is already on the appliance.

*Update*

 

I had the engineer re-created the CSR and the SSL company re-issue the CRT Zip file. I watched the engineer successfully install the files on the "pending" CSR under Identity Certificates. There were zero errors and the pop-up window requesting additional certificate information never presented itself. I would deem this a process problem not an appliance problem. I validated my webpage is now secure and the certificate information is accurate.


Thank you Marvin for your response.

Create
Recognize Your Peers
Content for Community-Ad