cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
269
Views
0
Helpful
1
Replies

Issues with CSR from ASA

james.king14
Beginner
Beginner

Each time I create a CSR from the ASA 5585-x (9.x) they are corrupted.  I used OpenSSL to create CSR and private Key and getting these errors.  


openssl pkcs12 -export -out GDOct_2024.pfx -inkey privkey.pem -in GD_OCT24.csr
Enter pass phrase for privkey.pem:
Could not read any certificates from -in file from GD_OCT24.csr

openssl pkcs12 -export -out GDOct_2024.pfx -inkey privkey.pem -in GDOct_2024.pem
Enter pass phrase for privkey.pem:
Could not read any certificates from -in file from GDOct_2024.pem


C:\Users\j.king>openssl pkcs12 -export -inkey privkey.pem -in GD_OCT24.csr -out GD_OCT24.pfx
Enter pass phrase for privkey.pem:
Could not read any certificates from -in file from GD_OCT24.csr

openssl pkcs12 -export -inkey privkey.pem -in GD_OCT24.txt -out GD_OCT24.pfx
Enter pass phrase for privkey.pem:
Could not read any certificates from -in file from GD_OCT24.txt

openssl rsa -noout -modulus -in privkey.pem
Enter pass phrase for privkey.pem:
Modulus=D6FE2E71C551073FF4E1240908D0BD3A71DA5E568D00B97984FE008D3DABD6348124CDDF95A4D9E3AEA38A37B14D604867A1F5FD6BCC87957FF1F454A3C799C9CAAE141021D71B6D1B5C2C4B6AB2FE5646EB9FB8B8F92BC4569DE81841C352BE3345B0C251851E95477336DC0663F1D3F3C9E7D11CD3C29DC664176A69D99E4ACCCCCB5E624F4A6DE021D3ABA566E27B135B60448557B3A5031CC15C14D699124F7810610A0422A92147AFB8CE01AE5CEAF5162E997D6E1C58C4A6F61084CB36BEA4224F43DDD7F87D980E0C893BB021A7F4D434296DD9B7F4270B9A763FFC1948525BB2F942DCC1DC292A41B045BFCCE451F492C0BD30C36E1E3783394D9FFF

openssl req -noout -modulus -in GD_OCT24.csr | openssl md5
MD5(stdin)= 6d3d8edc311f287f3563fbad0856140b

openssl req -noout -modulus -in privkey.pem | openssl md5
Unable to load X509 request
68950000:error:0480006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:763:Expecting: CERTIFICATE REQUEST
MD5(stdin)= d41d8cd98f00b204e9800998ecf8427e

openssl req -noout -modulus -in GD_OCT24.txt | openssl md5
MD5(stdin)= 6d3d8edc311f287f3563fbad0856140b

 

1 Reply 1

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @james.king14,

In first example you posted (and I would assume in all others, as it looks to me that they are just renamed files), you are trying to create PFX file out of private key and CSR, which is not possible. CSR stands for Certificate Signing Request, and that is exactly - request that needs to be signed. Once signed, it becomes certificate. You are getting warning that you have no certificate inside CSR, which is accurate.

You need to get CSR which you got out from ASA signed by your PKI. Once signed, you'll need to try again with certificate file.

Kind regards,

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: