installing an intermediate certificate on an ASA?

kdotzoltan_2004
Level 1

We have some ASA 5550 devices, with software versions:

Cisco Adaptive Security Appliance Software Version 8.4(1)

Device Manager Version 6.4(1)

as part of an SSL VPN architecture.

All have publicly signed certificates, but on some the certificate chain is broken due to missing intermediate certificates. This seems to have little impact on users, who are able to connect through these devices as well; I just wanted to fix this (so far) cosmetic issue.

I'm using a number of online tools (for example, http://www.sslshopper.com/ssl-checker.html) to check the SSL certificates.

On one of the devices with a broken cert chain I have successfully installed the intermediate certificate, however, the SSL checker tools still see a broken chain.

I have searched the internet high and low, but haven't found anything that would shed light on this issue.

I have met a similar situation on a Citrix server recently, where I needed to restart the server for the intermediate chain to be recognized. Is there something similar on the ASA as well?

Thanks,

  Zoltan

3 Replies

Marcin Latosiewicz
Cisco Employee

Zoltan,

Have you found your way around this?

If not, I would be interested to see the broken chain and your trustpoint config + "show crypto ca cert" output :-)

Marcin

Hi Marcin,

It seems I was trying to install the wrong intermediate certificate. Checking with Verisign's similar tool (as the certificate was issued by them), I have also got the appropriate intermediate certificates I needed to install and that has been the answer to the problem.

Regards,

Z

Cool! Marked your post as helpful ;-)
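
The failure mode in this thread (a CA certificate was installed, but not the one that issued the device certificate) can be reproduced offline with `openssl`. This is an added example, not part of the original posts; the lab CA names, `vpn.example.test` and the helper functions `chain_ok` and `names_match` are made up for illustration.

```shell
#!/bin/sh
# Constructed lab PKI (all names made up for this example):
#   Lab Root -> Lab Intermediate A -> vpn.example.test
# Lab Intermediate B is a valid CA under the same root that did NOT issue the server cert.
LAB=$(mktemp -d) && trap 'rm -rf "$LAB"' EXIT

mkcsr() {  # mkcsr <name> <CN>: new RSA key and CSR under $LAB
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.csr" 2>/dev/null
}
sign() {   # sign <name> <issuer> <extfile>: issue $LAB/<name>.pem from its CSR
  openssl x509 -req -in "$LAB/$1.csr" -CA "$LAB/$2.pem" -CAkey "$LAB/$2.key" \
    -CAcreateserial -days 2 -extfile "$LAB/$3" -out "$LAB/$1.pem" 2>/dev/null
}
build_lab() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$LAB/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$LAB/leaf.ext"
  mkcsr root "Lab Root" &&
  openssl x509 -req -in "$LAB/root.csr" -signkey "$LAB/root.key" -days 2 \
    -extfile "$LAB/ca.ext" -out "$LAB/root.pem" 2>/dev/null &&
  mkcsr intA "Lab Intermediate A" && sign intA root ca.ext &&
  mkcsr intB "Lab Intermediate B" && sign intB root ca.ext &&
  mkcsr server "vpn.example.test" && sign server intA leaf.ext
}

# The client trusts only the root; -untrusted stands in for whatever intermediate
# the server presents during the handshake.
chain_ok() {  # chain_ok <leaf.pem> [intermediate.pem]: exit 0 if a path to Lab Root builds
  openssl verify -CAfile "$LAB/root.pem" ${2:+-untrusted "$2"} "$1" >/dev/null 2>&1
}
# Quick pre-install check: does the candidate's subject equal the leaf's issuer?
names_match() {  # names_match <leaf.pem> <candidate.pem>
  [ "$(openssl x509 -noout -issuer_hash -in "$1")" = \
    "$(openssl x509 -noout -subject_hash -in "$2")" ]
}

build_lab || { echo "lab build failed (is openssl installed?)" >&2; exit 1; }
for i in "" "$LAB/intB.pem" "$LAB/intA.pem"; do
  if chain_ok "$LAB/server.pem" "$i"; then r="chain OK"; else r="chain BROKEN"; fi
  echo "intermediate presented: ${i:-none} -> $r"
done
```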
