03-13-2018 08:09 AM - edited 03-12-2019 05:06 AM
Hi everyone. I think i posted this in the wrong forum so i'm hoping this is now the right one.
when installing an identity certificate from the CA i'm getting the error:
"You can not import this certificate, because it has not been configured for manual enrollment"
Any ideas? has anyone come across this?
Thanks
03-13-2018 12:09 PM
Hello @faghouri83,
Q.1. Did you create the CSR on the ASA?
Q.2. If yes, can you share the information for the CSR in the ASA?
Q.3. If not, you need to have the respective keys to be able to install it on the ASA.
HTH
Gio
03-13-2018 06:03 PM
Hi
I created the CSR on the firewall, however when i went to install the certificate, i could no longer see the identity certificate which says pending. My colleague then added a new one with the same trustpoint name and used the same rsa keypair that is still in the firewall.
when installing the certificate obtained from the ca, thats when i got the error mentioned in my first post. Any way i can recover this?
Thanks
03-14-2018 06:27 AM
Hello @faghouri83,
I´m sorry to say this but that will not work since the second CSR will create a new hash that is different from the first one and for that´s the reason why it doesn´t work since it is not the same CSR.
Unfortunately, there is no workaround for that. The only option is to get the certifcate with the private and public keys in order to import it on the ASA but normally if this is a third party vendor (verisign, godaddy, etc), they don´t provide that information.
As a side note, there is no way you can "retrieve" a CSR once it dissapears.
HTH
Gio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide