Re: Getting a you cannot import this certificate error when installing an identity certificate.

faghouri83 · ‎03-13-2018

Hi everyone. I think i posted this in the wrong forum so i'm hoping this is now the right one.

when installing an identity certificate from the CA i'm getting the error:

"You can not import this certificate, because it has not been configured for manual enrollment"

Any ideas? has anyone come across this?

Thanks

GioGonza · ‎03-13-2018

Hello @faghouri83,

Q.1. Did you create the CSR on the ASA?

Q.2. If yes, can you share the information for the CSR in the ASA?

Q.3. If not, you need to have the respective keys to be able to install it on the ASA.

HTH

Gio

faghouri83 · ‎03-13-2018

Hi

I created the CSR on the firewall, however when i went to install the certificate, i could no longer see the identity certificate which says pending. My colleague then added a new one with the same trustpoint name and used the same rsa keypair that is still in the firewall.

when installing the certificate obtained from the ca, thats when i got the error mentioned in my first post. Any way i can recover this?

Thanks

GioGonza · ‎03-14-2018

Hello @faghouri83,

I´m sorry to say this but that will not work since the second CSR will create a new hash that is different from the first one and for that´s the reason why it doesn´t work since it is not the same CSR.

Unfortunately, there is no workaround for that. The only option is to get the certifcate with the private and public keys in order to import it on the ASA but normally if this is a third party vendor (verisign, godaddy, etc), they don´t provide that information.

As a side note, there is no way you can "retrieve" a CSR once it dissapears.

HTH

Gio