cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

399
Views
0
Helpful
3
Replies
Beginner

Getting a you cannot import this certificate error when installing an identity certificate.

Hi everyone. I think i posted this in the wrong forum so i'm hoping this is now the right one.

 

when installing an identity certificate from the CA i'm getting the error:

 

"You can not import this certificate, because it has not been configured for manual enrollment" 

 

Any ideas? has anyone come across this? 

 

Thanks

3 REPLIES 3
Enthusiast

Re: Getting a you cannot import this certificate error when installing an identity certificate.

Hello @faghouri83

 

Q.1. Did you create the CSR on the ASA?

Q.2. If yes, can you share the information for the CSR in the ASA?

Q.3. If not, you need to have the respective keys to be able to install it on the ASA. 

 

HTH

Gio

Highlighted
Beginner

Re: Getting a you cannot import this certificate error when installing an identity certificate.

Hi 

 

I created the CSR on the firewall, however when i went to install the certificate, i could no longer see the identity certificate which says pending. My colleague then added a new one with the same trustpoint name and used the same rsa keypair that is still in the firewall. 

 

when installing the certificate obtained from the ca, thats when i got the error mentioned in my first post. Any way i can recover this? 

 

Thanks

 

 

Enthusiast

Re: Getting a you cannot import this certificate error when installing an identity certificate.

Hello @faghouri83

 

I´m sorry to say this but that will not work since the second CSR will create a new hash that is different from the first one and for that´s the reason why it doesn´t work since it is not the same CSR. 

 

Unfortunately, there is no workaround for that. The only option is to get the certifcate with the private and public keys in order to import it on the ASA but normally if this is a third party vendor (verisign, godaddy, etc), they don´t provide that information. 

 

As a side note, there is no way you can "retrieve" a CSR once it dissapears. 

 

HTH

Gio

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here