CA certificate installation problem

DAVIES604
Level 1

Hi all,

I'm having problems installing a CA cert on the ASA. The root cert installs fine, but the intermediate will not. Is there a character length limit for the CRL within the cert?

Debugging, we get this output:

CERT-C: E ../cert-c/source/certobj.c(1516) : Error #705h
CERT-C: E ../cert-c/source/certobj.c(1528) : Error #72ah
CERT-C: E ../cert-c/source/certobj.c(874) : Error #72ah
CRYPTO_PKI: can not set ca cert object (0x72a)
CRYPTO_PKI: status = 65535: failed to process RA certificate

Any help appreciated.

2 Replies

Rahul Govindan
VIP Alumni

Are you trying to add it into the same trustpoint as the Root? This won't be possible as a trustpoint can only hold 1 CA cert (Root or intermediate). Try adding this to another trustpoint if you have not done that already.

Also, which CA is this? Can you paste the steps that you took to install the intermediate cert?

Hi, many thanks for your reply.
After some trial and error fault finding, we discovered it was the Naming Constraints extension in the cert that the ASA didn’t like. We’re not sure exactly what it doesn’t like, but with them removed it installs fine.
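
A pre-import check for the condition found in this thread, as an added example that is not part of the original posts or any Cisco tooling: a minimal standard-library DER walker that lists a certificate's extension OIDs with their critical flags, so a Name Constraints extension (OID 2.5.29.30 in RFC 5280) can be spotted before the cert is pasted into a trustpoint. All function names are hypothetical, and `SAMPLE_DER` is a constructed, unsigned certificate skeleton rather than a real CA certificate.

```python
import base64

NAME_CONSTRAINTS = "2.5.29.30"   # id-ce-nameConstraints (RFC 5280)

def read_tlv(buf, pos):
    """Decode one DER element at pos -> (tag, value bytes, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:             # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):              # split a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    first = min(val[0] // 40, 2)
    arcs, n = [first, val[0] - 40 * first], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def list_extensions(cert_der):
    """Return [(oid, critical)] for each extension in a DER-encoded certificate."""
    tbs = children(read_tlv(cert_der, 0)[1])[0][1]
    for tag, val in children(tbs):
        if tag == 0xA3:           # [3] EXPLICIT Extensions inside TBSCertificate
            exts = [children(e) for _, e in children(children(val)[0][1])]
            return [(decode_oid(f[0][1]), len(f) == 3 and f[1][1] != b"\x00") for f in exts]
    return []

def pem_to_der(pem):
    lines = [ln.strip() for ln in pem.splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

# Constructed sample (structure only): critical basicConstraints + critical nameConstraints.
SAMPLE_DER = bytes.fromhex(
    "304d 3046 a003020102 020101 3000 3000 3000 3000 3000 a332 3030 "
    "300f 0603551d13 0101ff 0405 30030101ff 301d 0603551d1e 0101ff 0413 "
    "3011 a00f 300d 820b 6578616d706c652e636f6d 3000 030100")
```

Calling `list_extensions(pem_to_der(text))` on the base64 certificate text and looking for `NAME_CONSTRAINTS` in the result shows whether an intermediate carries the extension and whether it is marked critical.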