cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3782
Views
0
Helpful
5
Replies

ASA - SSL Certificate Install/Import Issue

MattRepko
Level 1
Level 1

Hello,

 

I'm relatively new to managing Cisco ASA units having worked with other vendor security products.  I'm working on something I thought would be relatively simple but I'm unable to install/import a GoDaddy issued certificate via the ASDM.  I was able to generate the CSR and create the certificate without issue.

 

The error message I am receiving is attached.  

 

I'm sure the key part of this issue is the "configure 'no ca-check' command in the trust point configuration but I haven't been able to find the necessary instructions to accomplish this.

 

Any and all help is appreciated.

1 Accepted Solution

Accepted Solutions

Please go into that trust point from CLI, and issue the command no ca-check, or untick the Enable CA flag in basic constraints extension checkbox on ASDM window when you add the cert, and try again.

View solution in original post

5 Replies 5

There is no attached screenshot with the error.

Sorry about that.  I thought the error message was attached.

Did you import the full chain of GoDaddy certs on the firewall? including the root CA certs?

 

I imported the GoDaddy cert just now and that worked fine.  There were three files provided to me in the ZIP file I downloaded from GoDaddy.  I attempted to import the other two and now I'm receiving this error message which is slightly different.

 

Note that the files are the same file name with a different file extension.  One is a .CRT and the other is a .PEM file.

Please go into that trust point from CLI, and issue the command no ca-check, or untick the Enable CA flag in basic constraints extension checkbox on ASDM window when you add the cert, and try again.