07-06-2011 04:02 AM - edited 03-10-2019 06:12 PM
Hello guys,
I'm not quite sure whether I'm posting in the right thread, so please correct me if I'm wrong.
Anyway, the problem is as the subject says: a problem with the installation of a wildcard certificate on a Cisco ASA 5520 (VPN Plus license). The software version is 8.2(2).
I noticed two issues. We've bought a wildcard certificate for our domains example.com and example.org. The certificate provider is GeoTrust.
The first problem is that I'm unable to install the complete certificate chain. If I install the GeoTrust Root CA, I'm unable to install the subordinate CA, which actually signed my cert, within the same trustpoint. The warning message says "WARNING: Trustpoint GeoTrustRA is already authenticated." (This happens when I try to install the subordinate CA, which sits between the Root CA and my certificate, within the same trustpoint as the Root CA certificate.)
The second problem is the actual problem, however. When I try to install the wildcard certificate using ASDM, I get the following error (actually, I intentionally typed the wrong password and received exactly the same error):
Here is the CA setup. As you can see, both certificates, which must rely on the same trustpoint as a chain, are split across two trustpoint configurations:
I tried debug crypto ca 255, but there is nothing interesting in the log file.
If I try to add the subordinate certificate within the trustpoint where the Root CA is installed, I get the following error:
When I try to manually install the wildcard certificate from the CLI (it's in Base64 format), I receive the following error:
CLI issue:

```
vpngw2(config)# crypto ca import GeoTrust pkcs12 password_here
Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgICekswDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
[cut]
RPg4gnOGlySGVA==
-----END CERTIFICATE-----
quit
ERROR: Import PKCS12 operation failed
```
Any thoughts, ideas, questions or whatever are more than welcome!
02-26-2012 07:57 AM
Hi there,
I just wanted to tell you that I have found the solution for this case. It appears that the wildcard certificate had been enrolled without the State ("ST") attribute of the X.509v3 certificate. The issuer (GeoTrust) refused to enroll it again even though we had supplied that information and it was completely their fault. Anyway, we changed the issuer and now everything is just fine.
Sent from Cisco Technical Support iPad App
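Added here as a worked example for the two posts above; it is not part of either post and is not Cisco's or GeoTrust's code. Two things are visible in the thread that a pre-flight check can catch before anything is pasted into the ASA: the CLI transcript pastes a `-----BEGIN CERTIFICATE-----` block into `crypto ca import ... pkcs12`, whose prompt asks for a base64-encoded PKCS#12, and the follow-up reports a certificate issued without the ST attribute in its subject. The stdlib-only script below tells a PKCS#12 (PFX) bundle from a bare X.509 certificate by its DER structure, walks the certificate to its subject DN, and reports which of a required attribute set is absent. Assumptions: the trustpoint name `GeoTrust`, the required-attribute tuple, the `certificate` form of the ASA import command (the manual-enrollment import; confirm it on your software version), and the sample certificate, which is an unsigned, structurally valid X.509 v3 certificate built in-code rather than a real one. The first problem in the thread (one authenticated CA certificate per trustpoint, so root and intermediate need separate trustpoints) is ASA configuration and is not something this script checks.

```python
import base64
import re

ATTR = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
        "2.5.4.10": "O", "2.5.4.11": "OU"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# --- minimal DER helpers: enough to build and walk Certificate -> subject Name
def tlv(tag, body):
    """DER TLV with short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:                      # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def children(buf):
    """Yield (tag, value) for the TLVs packed back-to-back in buf."""
    pos = 0
    while pos < len(buf):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:                        # long-form length
            ln, pos = int.from_bytes(buf[pos:pos + (ln & 0x7F)], "big"), pos + (ln & 0x7F)
        yield tag, buf[pos:pos + ln]
        pos += ln

# --- the checks a practitioner wants before typing "quit" on the ASA
def decode_blob(text):
    """Strip PEM armor, if any, and base64-decode what was pasted."""
    m = PEM_RE.search(text)
    return base64.b64decode("".join((m.group(2) if m else text).split()))

def classify(der):
    """PFX is SEQUENCE { INTEGER 3, ... }; Certificate is SEQUENCE { SEQUENCE tbs, ... }."""
    outer_tag, outer = next(children(der))
    inner_tag, inner = next(children(outer)) if outer_tag == 0x30 else (None, None)
    if inner_tag == 0x02 and inner == b"\x03":
        return "pkcs12"
    return "x509" if inner_tag == 0x30 else "unknown"

def subject_attributes(der):
    """Certificate -> tbsCertificate -> subject Name -> {attr: value}."""
    _, outer = next(children(der))
    _, tbs = next(children(outer))
    fields = list(children(tbs))
    if fields[0][0] == 0xA0:                 # [0] EXPLICIT version comes first in v3 certs
        fields = fields[1:]
    attrs = {}
    for _, rdn in children(fields[4][1]):    # serial, sigAlg, issuer, validity, subject
        for _, atv in children(rdn):         # SET OF SEQUENCE { type OID, value string }
            (_, typ), (_, val) = list(children(atv))
            attrs[ATTR.get(decode_oid(typ), decode_oid(typ))] = val.decode()
    return attrs

def preflight(pasted, trustpoint="GeoTrust", required=("C", "ST", "L", "O", "CN")):
    """What the blob is, which ASA import form fits it, and which DN attributes are missing."""
    der = decode_blob(pasted)
    report = {"kind": classify(der)}
    if report["kind"] == "pkcs12":
        report["asa_command"] = f"crypto ca import {trustpoint} pkcs12 <passphrase>"
    elif report["kind"] == "x509":           # a bare cert needs the certificate form, not pkcs12
        report["asa_command"] = f"crypto ca import {trustpoint} certificate"
        report["subject"] = subject_attributes(der)
        report["missing"] = [a for a in required if a not in report["subject"]]
    return report

# --- constructed sample data for this demo (unsigned; not real certificates)
def name(**attrs):
    rev = {v: k for k, v in ATTR.items()}
    return tlv(0x30, b"".join(tlv(0x31, tlv(0x30, oid(rev[k]) + tlv(0x0C, v.encode())))
                              for k, v in attrs.items()))

def build_sample_cert(**subject):
    """Structurally valid X.509 v3 certificate with a dummy key and dummy signature."""
    rsa_sha256 = tlv(0x30, oid("1.2.840.113549.1.1.11") + tlv(0x05, b""))
    spki = tlv(0x30, tlv(0x30, oid("1.2.840.113549.1.1.1") + tlv(0x05, b"")) + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + rsa_sha256
              + name(C="US", O="Example CA", CN="Example Intermediate CA")
              + tlv(0x30, tlv(0x17, b"110706000000Z") + tlv(0x17, b"120706000000Z"))
              + name(**subject) + spki)
    return tlv(0x30, tbs + rsa_sha256 + tlv(0x03, b"\x00"))

def to_pem(der, label="CERTIFICATE"):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":   # same shape as the post's paste: a PEM CERTIFICATE block, no ST
    print(preflight(to_pem(build_sample_cert(C="US", O="Example Corp", CN="*.example.com"))))
```

Run against the constructed certificate, `preflight` reports kind `x509`, suggests the `certificate` import form, and lists `ST` and `L` as missing; feed it a PEM-armored or bare-base64 PFX and it reports `pkcs12` instead. Paste your real PEM into `preflight()` in place of the sample to get the same answers for your own certificate.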