I am working in an isolated LAB enviroenment (no internet access) to gain understand Cisco AnyConnect VPN before moving into production.
I have setup my Cisco router as a CA ROOT and generated the root certificates as exportable. I have enrolled the ASA with the ROOT CA and can view the ID/ROOT certs on the ASA.
My problem is with my Windows XP client.
I cannot figure out how to get the Cisco IOS ROOT certificate(s) onto the Windows box.
When I try to import the ROOT CA certificates into Windows XP via the MMC utility, the error message says the certificate is invalid format.
On the IOS CA
crypto key generate rsa general-keys label ROOT exportable storage nvram:
crypto key export rsa ROOT pem url nvram: 3des cisco
I have also tried:
crypto key export rsa ROOT pem terminal 3des cisco
and then save the
-----BEGIN CERTIFICATE-----
%^#$^%%$^#%^%
-snip-
-----END CERTIFICATE-----
to a notepad file.
Each time I attempt to import into Windows via MMC, I receive the error message:
"The file is invalid for use as the following: Security Certificate"
Does ANYONE know what I am doing wrong...... and can explain how to do it right !!!!!
Please
Thank you
Frank