Importing a PKCS12-format certificate from an external CA into an IOS router. The certificate will be used for IOS SSL VPN.
During the certificate import, the messages below appear on the router. Afterwards, the certificate does not seem to work for SSL when it is assigned to the WebVPN configuration.
% Warning: CA cert is not found. The imported certs might not be usable.
CRYPTO_PKI: Import PKCS12 operation failed to create trustpoint test
%PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.
The problem is that the PKCS12 file includes only the router (identity) certificate and not the CA certificate. As a result, the router fails to create the certificate chain when it tries to send it during SSL negotiation for SSL VPN. To rebuild the PKCS12 file with the CA certificate included:
1. Import the CA Root Certificate in Windows. The Root Certificate can be obtained by contacting the Vendor.
2. Import the PKCS12 file in Windows. When importing the certificate, make sure that you check the box "Mark this key as exportable..".
3. Windows OS will create the Certificate Chain automatically.
4. Export the certificate you just imported. When exporting, select the option "Yes, export the private key".
Also during export, check the box "Include all certificates in the certification path, if possible".
Also uncheck the box "Enable strong protection...".
5. The exported certificate will be in binary format. It needs to be converted to Base64-encoded PKCS12.
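The missing-CA condition described above can be checked before the router import, and the Base64 conversion in step 5 done with OpenSSL. This is an added example, not part of the original document; it assumes OpenSSL is installed and that the PKCS12 password is held in an environment variable named PFX_PASS (a name chosen here), and the demo certificate subjects and file names are constructed.

```shell
#!/bin/sh
# Added example: pre-import check for a PKCS#12 bundle, plus the Base64 step.
# The bundle password is read from the PFX_PASS environment variable (assumed name).

# Count certificates in file $1; $2 is -clcerts (identity) or -cacerts (chain).
count_certs() {
    pem=$(openssl pkcs12 -in "$1" -nokeys "$2" -passin env:PFX_PASS 2>/dev/null) || return 2
    printf '%s\n' "$pem" | grep -c 'BEGIN CERTIFICATE' || true
}

# Return 0 only when the bundle holds an identity cert and at least one CA cert.
check_pfx() {
    id=$(count_certs "$1" -clcerts) || { echo "unreadable: $1"; return 2; }
    ca=$(count_certs "$1" -cacerts) || { echo "unreadable: $1"; return 2; }
    echo "$1: identity=$id ca=$ca"
    [ "$id" -ge 1 ] && [ "$ca" -ge 1 ]
}

# Step 5: binary PKCS#12 -> Base64 text (64-column lines).
pfx_to_base64() {
    openssl base64 -in "$1" -out "$2"
}

# Constructed sample data: throwaway CA and router certificate in directory $1,
# exported once without and once with the CA certificate.
make_demo_pfx() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=router.example.test" \
        -keyout "$d/rtr.key" -out "$d/rtr.csr" 2>/dev/null
    openssl x509 -req -in "$d/rtr.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/rtr.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/rtr.key" -in "$d/rtr.pem" \
        -out "$d/identity-only.pfx" -passout env:PFX_PASS
    openssl pkcs12 -export -inkey "$d/rtr.key" -in "$d/rtr.pem" \
        -certfile "$d/ca.pem" -out "$d/with-chain.pfx" -passout env:PFX_PASS
}

# Usage: PFX_PASS=... sh check_pfx.sh exported.pfx [output.b64]
if [ "$#" -ge 1 ]; then
    check_pfx "$1" || { echo "CA certificate missing or file unreadable"; exit 1; }
    if [ "$#" -ge 2 ]; then pfx_to_base64 "$1" "$2"; fi
fi
```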