
ASA certificate adding sequence

Hi Guys

I need to renew the certificate for VPN on an ASA Virtual appliance.

I have a chain of valid certificates issued by Sectigo, including a wildcard cert for the domain, but every time I get an error while importing the certificate (error in saving certificate, failed import, Certificate does not contain device's General Purpose public key for trust point, etc.). Please explain to me the right sequence for it and which exact certificate must be converted.

Thanks in advance..





Do you or any of your colleagues have access to the certificate provider portal where you can download your certificate? If so, you usually find a couple of options for how you want to download your certificate; it is worth checking this.

If no one has the private key and you can't download from anywhere else, and here I mean from a network device where the updated wildcard certificate was uploaded, then I think you would need to go through this whole process again.

If you should go through this process again then I would recommend using a specific FQDN for VPN connection and issue a new cert for the VPN rather than using a wildcard cert. In this case you would also need to create a new public DNS A record with the new FQDN pointing to the firewall public IP.

Guys, it's very simple to do

Just create a new Trustpoint_ and enroll it from the Intermediate certificate (Sectigo_RSA_Domain_Validation_Secure_Server_CA in my case) first, and then import the CA cert from the Wildcard domain certificate. That's all!

No need to convert to base 64, *pem or anything else. If you purchased a domain certificate chain from a third-party issuer, you have enough!
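
The import error quoted in the question says the certificate's public key is not the device's, which is the same point the reply about the private key raises. The script below is an added example, not from any poster in this thread: it compares the public key in a certificate with the one in a CSR or private key file, using constructed throwaway files (`device.*`, `other.*`, and the `example.test` names are assumptions).

```shell
#!/bin/sh
# Added example: find out which key pair a certificate was issued for,
# before trying to import it. Requires the openssl command-line tool.

# Print the SHA-256 of the DER public key found in a file.
# $1 = cert | csr | key, $2 = PEM file
pubkey_fp() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable file must fail, not hash to the digest of empty input.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# same_key KIND_A FILE_A KIND_B FILE_B
# 0 = same public key, 1 = different keys, 2 = a file could not be parsed
same_key() {
    a=$(pubkey_fp "$1" "$2") || return 2
    b=$(pubkey_fp "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# Constructed sample material in directory $1 (self-signed stand-ins for
# CA-issued certificates; the names are made up for this example).
make_samples() {
    # Key pair and CSR as a device would produce them, plus the matching cert.
    openssl req -newkey rsa:2048 -nodes -keyout "$1/device.key" \
        -out "$1/device.csr" -subj "/CN=vpn.example.test" 2>/dev/null
    openssl x509 -req -in "$1/device.csr" -signkey "$1/device.key" \
        -days 1 -out "$1/device.crt" 2>/dev/null
    # A wildcard certificate issued for a key pair generated somewhere else.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
        -out "$1/other.crt" -subj "/CN=*.example.test" -days 1 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
same_key csr "$dir/device.csr" cert "$dir/device.crt" &&
    echo "device.crt carries the key from device.csr"
same_key csr "$dir/device.csr" cert "$dir/other.crt" ||
    echo "other.crt was issued for a different key pair"
rm -rf "$dir"
```

A mismatch means the certificate has to be imported together with its own private key, or reissued from a CSR generated for the key pair the trustpoint uses.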