08-07-2015 09:20 AM
Hi In a new ASA, I am trying to install certificate. But when I paste certificate data, I got an error message. Please see screenshot in attachment. Anyone can me some suggestion ? Thank you.
Solved! Go to Solution.
08-11-2015 02:22 PM
As noted in step 5 of the Cisco procedure, you save the CSR to a text file.
That text file needs to be sent to your CA.
For a public CA, it is either via a web portal (most common) or via email.
If it's your own internal CA, and you administer it, you might just copy the text onto the CA server's certificate issuing tool.
08-07-2015 10:26 AM
What's the source of the certificate?
Do you have the private key used to generate the Certificate Signing Request (CSR) present on the ASA? Since you are using the Install method, you must have a pending CSR.
08-07-2015 12:37 PM
Thank you so much for your reply. I am doing it based on the link:
http://www.petenetlive.com/KB/Article/0000694.htm
The document does not mention private key. I am just doing it step by step based on the link. It looks like the process created the CSR.
08-07-2015 01:05 PM
The key mentioned early in Pete's posting is the private key I asked about.
Who is the CA you are using? Did you install the root and intermediate certificates like Pete noted? Can you open the certificate file in Windows and see that it is a valid certificate?
08-11-2015 08:51 AM
I am sorry for the late reply due to other issues.
Here is the process:
7, Submit the certificate request to the certificate administrator, who issues the certificate on the server. This can either be through a web interface, e-mail, or directly to the root CA server for certificate issue process.
08-11-2015 01:51 PM
It sounds like you are mixing up procedures for a self-signed certificate and a CA-signed certificate.
If you are using an external CA then you follow the procedures in the guides you cited. they are both for external CA certificate request and install. Inherent in that process is generating of the Certificate Signing Request (CSR). That is what you send off to the CA.
08-11-2015 02:08 PM
After I tried to send out the CSR, it looks like the CSR is pending there in ASDM. Sending it to CA is what we want, right ? if so, how to send it to CA ? Thank you.
08-11-2015 02:22 PM
As noted in step 5 of the Cisco procedure, you save the CSR to a text file.
That text file needs to be sent to your CA.
For a public CA, it is either via a web portal (most common) or via email.
If it's your own internal CA, and you administer it, you might just copy the text onto the CA server's certificate issuing tool.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide