cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
4452
Views
5
Helpful
3
Replies
kdotzoltan_2004
Beginner

installing an intermediate certificate on an ASA?

We have some ASA 5550 devices, with software versions:

Cisco Adaptive Security Appliance Software Version 8.4(1)

Device Manager Version 6.4(1)

as part of an SSL VPN architecture.

All have publicly signed certificates, but on some the certificate chain is broken, due to missing intermediate certificates. This seems to have little impact on users, who are able to connect through these devices as well, I just wanted to fix this -so far- cosmetic issue.

I'm using a number of online tools like ( http://www.sslshopper.com/ssl-checker.html ) for example to check the SSL certificates.

On one of the devices with a broken cert chain I have successfully installed the intermediate certificate, however, the SSL checker tools still see a broken chain.

I have searched the internet high and low, but haven't found anything that would shed a light on this issue.

I have met a similar situation on a Citrix server recently, where I needed to restart the server for the intermediate chain to be recognized. Is there something similar on the ASA as well?

thanks,

  Zoltan

3 REPLIES 3
Marcin Latosiewicz
Cisco Employee

Zoltan,

Have you find your way around this?

If not, I would be interested to see the broken chain and your trustpoint config + "show crypto ca cert" output :-)

Marcin

Hi Marcin,

it seems I was trying to install the wrong intermediate certificate. Checking with Verisign's similar tool (as the certificate was issued by them), I have also got the appropriate intermediate certificates I needed to install and that has been the answer to the problem.

Regards,

Z

Cool! Marked your post as helpful ;-)

Create
Recognize Your Peers
Content for Community-Ad