
Cannot authenticate an imported pkcs12 identity cert

rcullum
Level 1

ASA 9.1 code. I've imported two CA certs as TrustpointB and TrustpointC. TrustpointB is an Intermediate CA, TrustpointC is the Root CA for this. I'm now trying to import a wildcard identity certificate (so no CSR) as TrustpointA. This is issued by the intermediate CA. The Identity is a .pfx file, which I believe is a pkcs12 file. The identity cert installs successfully according to ASDM, but from the CLI if I type "show crypto ca trustpoint", the Identity Trustpoint says it's not authenticated. If I try 'authenticating' this trustpoint, using "crypto ca authenticate TrustpointA", I get a message saying "ERROR: You must specify an enrollment URL for this CA before you can authenticate it.".

So how do you authenticate an imported Identity certificate in pkcs12 format? 

1 Reply

rcullum
Level 1

Ok, so I worked out what the issue was. Both are PKCS #12 file formats, and ASDM did allow me to import both formats and reported no problems. However, to correctly 'authenticate' the cert, the .pfx needs to be converted to .p12 format. Using openssl, something like this:

openssl base64 -in <certfilename>.pfx -out <certfilename>.p12

This then correctly associates the signing CA with the identity cert Trustpoint.
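A check to run around the conversion described in the answer above, as an added example that is not part of the original post: it counts the certificates the bundle carries (so you can see whether the issuing CA is in it), confirms the private key is present, then writes the base64 file and verifies it decodes back to the same bytes. The function names, the `PFX_PASS` environment variable and the sample subject are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The passphrase is read from the PFX_PASS environment
# variable (an assumption of this example) so it never appears in argv.

# Number of certificates in the bundle: 1 means identity cert only,
# more than 1 means CA certificates are bundled with it.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Succeeds only if the bundle contains a private key.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Base64-encode the binary bundle ($1) into $2, then confirm the text
# decodes back to exactly the original bytes.
pfx_to_base64() {
    openssl base64 -in "$1" -out "$2" || return 1
    openssl base64 -d -in "$2" | cmp -s - "$1"
}

# Constructed sample input: a throwaway self-signed cert and key bundled
# as $1/wild.pfx, protected with the passphrase in PFX_PASS.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=wild.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/wild.pfx" -passout env:PFX_PASS
}

# Usage: PFX_PASS='...' sh check_pfx.sh bundle.pfx
if [ "$#" -eq 1 ]; then
    echo "certificates in bundle: $(p12_cert_count "$1")"
    p12_has_key "$1" && echo "private key: present"
    pfx_to_base64 "$1" "${1%.pfx}.p12" && echo "wrote ${1%.pfx}.p12"
fi
```

On the ASA CLI the resulting base64 text is what gets pasted after `crypto ca import TrustpointA pkcs12 <passphrase>`, ended with `quit` on a line of its own.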
