Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
5
Helpful
5
Replies

Certificate for VPN 3030

Go to solution
h.thivessen
Level 1
Level 1

‎10-06-2004 05:51 AM

Hello,

I try to install a digital certifcate from verisign on a vpn concentrator (release 4.1.6). This certificate shall be used for WebVPN-HTTPS (SSL).

When I try to install the certificate for SSL I get following error message:

Error installing SSL certificate: Incomplete chain.

(The certificate has a duration till 2006. The only note I have found on CCO is the duration of the certificate is longer then 2048).

Has anybody an idea what is wrong ??

Thanks Horst

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎10-06-2004 06:11 PM

You'll usually get this message if you haven't loaded the CA (root) cert onto the 3000 before trying to load the identity cert. You can't have an identity cert for SSL from an external CA server without having the root cert from that CA server installed also.

Go under Administration - Certificate Mgmt - CLick here to install a CA certificate, install that first then install the SSL cert.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎10-06-2004 06:11 PM

You'll usually get this message if you haven't loaded the CA (root) cert onto the 3000 before trying to load the identity cert. You can't have an identity cert for SSL from an external CA server without having the root cert from that CA server installed also.

Go under Administration - Certificate Mgmt - CLick here to install a CA certificate, install that first then install the SSL cert.

0 Helpful

Go to solution
h.thivessen
Level 1
Level 1
In response to gfullage

‎10-06-2004 10:47 PM

Is there a difference between a cert for CA and for ssl ?

I have installed the CA cert and then I produced under

SSl Certificates - Enrollment - Enroll via PKCS10 (manual) a CSR File. Verisign sends me back the cert.

But if I try to install that I get the error message as you can see above.

Under Enrollment Status I can see it "in progress"

Have a look to the attachment to see the screenshot !

There is no Identity Certificate - is that right ??

Thanks Horst

Preview file
73 KB
0 Helpful

Go to solution
h.thivessen
Level 1
Level 1
In response to gfullage

‎10-07-2004 12:25 AM

Hello,

thank you !! It was a wrong root certificate Versign sent me new ones and now it works :-))

Bye Horst

0 Helpful

Go to solution
arcoltd2004
Level 1
Level 1
In response to h.thivessen

‎11-11-2004 03:06 AM

What did verisign send you ? I am having the same issue. I have enrolled new ssl certificate and it is awaiting to be installed but when I install the certificate sent to me from verisign it says incomplete chain.

Thanks

0 Helpful

Go to solution
hthivessen
Level 1
Level 1
In response to arcoltd2004

‎11-11-2004 04:17 AM

Hello,

the problem was that verisign did not sent me a root certificate. They always sent me ssl certificates. I could install the ssl certificate also as root certificate - the VPN3000 did not informs me with a error message. But it did not work.

So the solution was that verisign sent me a root certificate and then a ssl certificate. So I installed the root certificate and afterwards the ssl certificate.

Now it works without any problems !

You have to talk to a technical person and tell him you need also a special root certificate. I think that some persons at verisign do not know anything about different certificates ;-(

Goot luck !

Horst

Customers Also Viewed These Support Documents