Solved: Re: ASA - SSL Certificate Install/Import Issue

MattRepko · ‎10-27-2020

Hello,

I'm relatively new to managing Cisco ASA units having worked with other vendor security products. I'm working on something I thought would be relatively simple but I'm unable to install/import a GoDaddy issued certificate via the ASDM. I was able to generate the CSR and create the certificate without issue.

The error message I am receiving is attached.

I'm sure the key part of this issue is the "configure 'no ca-check' command in the trust point configuration but I haven't been able to find the necessary instructions to accomplish this.

Any and all help is appreciated.

Aref Alsouqi · ‎10-28-2020

Please go into that trust point from CLI, and issue the command no ca-check, or untick the Enable CA flag in basic constraints extension checkbox on ASDM window when you add the cert, and try again.

View solution in original post

Aref Alsouqi · ‎10-28-2020

There is no attached screenshot with the error.

MattRepko · ‎10-28-2020

Sorry about that. I thought the error message was attached.

Aref Alsouqi · ‎10-28-2020

Did you import the full chain of GoDaddy certs on the firewall? including the root CA certs?

MattRepko · ‎10-28-2020

I imported the GoDaddy cert just now and that worked fine. There were three files provided to me in the ZIP file I downloaded from GoDaddy. I attempted to import the other two and now I'm receiving this error message which is slightly different.

Note that the files are the same file name with a different file extension. One is a .CRT and the other is a .PEM file.

Aref Alsouqi · ‎10-28-2020

Please go into that trust point from CLI, and issue the command no ca-check, or untick the Enable CA flag in basic constraints extension checkbox on ASDM window when you add the cert, and try again.