
Wildcard SSL unable to install on ASA 5510

chris.perez86
Level 1

Hello Community,

 

I have never worked with an ASA firewall server or SSL certification installation. I have spent a great deal of time reading and watching related content.

 

First, I do not have access to the appliance and I have to work with an engineer to access and install on the ASA 5510. The engineer has generated a CSR from the ASA 5510 under Certificate Management > Identity Certificates. I have submitted the CSR to the SSL company. The CSR was received, validated, and a Zip file with three CRT files was downloaded. I provided the engineer with the Zip file, he extracted the three CRT files but states he cannot install them. The engineer has provided a screenshot of the ASA pop-up window and it requires an "identity certificate from a file (PKCS12 format with Certificate(s)+Private Key)." 

 

I am stuck. I have re-issued the SSL certificate from my SSL company three times and the engineer states they are unable to install the certificates because the certificates do not meet the criteria. I watched the engineer, under Certificate Management > Identity Certificates > Install button on pending certificate, copy-paste the CRT file contents into the textbox and click install certificate. The results are an error (apologies, I did not note the error message). I would love some feedback, advice, anything.

 

Thank you for your time. 

1 Accepted Solution

Marvin Rhoads
Hall of Fame

The error message shown would be if you were trying to import a certificate where the CSR was not generated on the ASA itself.

If you install onto a pending certificate (i.e., where you have already created the CSR), the ASA won't require the private key since it is already on the appliance.

*Update*

 

I had the engineer re-create the CSR and the SSL company re-issue the CRT Zip file. I watched the engineer successfully install the files on the "pending" CSR under Identity Certificates. There were zero errors and the pop-up window requesting additional certificate information never presented itself. I would deem this a process problem not an appliance problem. I validated my webpage is now secure and the certificate information is accurate.


Thank you Marvin for your response.
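
A check that can be run on the issued CRT files before they go to the engineer, added here as an example and not part of the thread: it reports which file carries the same public key as the CSR from the pending request, which is the one that belongs on the pending identity certificate. It assumes PEM-encoded files and the `openssl` CLI; the function names, file names and sample data are hypothetical and constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: match an issued certificate to the CSR it was issued for.
# Assumes PEM files and the openssl CLI. All names below are hypothetical.

# Public key (PEM) embedded in a CSR / in a certificate.
csr_pubkey() { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
crt_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# find_identity_cert CSR CRT...
# Prints the first CRT whose public key equals the CSR's key.
# Returns 0 on a match, 1 if none match, 2 if the CSR is unreadable.
find_identity_cert() {
  local csr=$1 want got crt
  shift
  want=$(csr_pubkey "$csr") || true
  [ -n "$want" ] || { echo "cannot read CSR: $csr" >&2; return 2; }
  for crt in "$@"; do
    got=$(crt_pubkey "$crt") || continue   # skip files that are not certificates
    if [ -n "$got" ] && [ "$got" = "$want" ]; then
      printf '%s\n' "$crt"
      return 0
    fi
  done
  return 1   # nothing matches: the certificate was issued for a different CSR
}

# Constructed sample data: a key + CSR standing in for the pending request,
# a certificate issued for that CSR, and an unrelated CA certificate.
make_constructed_samples() {
  local d=$1
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/asa.key" \
    -out "$d/asa.csr" -subj "/CN=*.example.test" 2>/dev/null
  openssl x509 -req -in "$d/asa.csr" -signkey "$d/asa.key" -days 1 \
    -out "$d/wildcard.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
    -out "$d/ca.crt" -subj "/CN=Constructed CA" -days 1 2>/dev/null
}

tmp=$(mktemp -d)
make_constructed_samples "$tmp"
echo "identity certificate: $(find_identity_cert "$tmp/asa.csr" "$tmp/ca.crt" "$tmp/wildcard.crt")"
```

A return code of 1 means none of the files was issued for that CSR, for example because the CSR was regenerated after the certificate request was submitted.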
