Solved

Cisco ASA-5520 Certificate Problem

Posted on 2011-02-14
5
2,452 Views
Last Modified: 2012-05-11
Hello experts,
I am trying to install a certificate from godaddy.com on a Cisco ASA-5520
I have peformed the following steps:
1. Obtained & installed the CA root certificate from godaddy (worked fine)
2. Generated the CSR (using the same TrustPoint under which I installed the root cert
3. When I attempt to install the certificate, I get the following error  
Has anyone run accross this before?  

Thanks in advance

 ASDM Error Msg
0
Comment
Question by:SpokaneISD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 34892650
you have to generate certificate request first on cisco firewall - the copy paste it to CA website or service - Ca should send you signed certificate - this signed cert you copy to your firewall - and then it gates validated or not.

Jan ICt Technician, CCNA
0
 

Author Comment

by:SpokaneISD
ID: 34892901
I have done all that.
I generated a CSR on the ASA-5520
I then use a wild card cert from godaddy.com. This cert covers one domain and any number of subdomains (*.mydomain.org).  I could find references to others using the godaddy wild card cert on an ASA with no problems.

Any other ideas?
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 34894690
update roms of you asa and try again. If not make sure you have reverse dns and dns pointing to appliance fqdn and ip addreses (lan and wan). this should work
0
 

Accepted Solution

by:
SpokaneISD earned 0 total points
ID: 34900631
OK, I figured it out.  Here are the steps that worked:

Download my wildcard cert (*.mydomain.org) from godaddy.com
From ASDM, navigate to Configuration> Device Management> Certificate Management> CA Certificates
Install the gd_bundle.crt that was in the download cert from godaddy
From an IIS server that was already using this certificate, I did the following:
Launched the MMC
File/add remove snap-in
add certificates snap-in
exported the *.mydomain.com cert to a .PFX file (contains both private & public keys)
From ASDM, navigate to Configuration> Device Management> Certificate Management> Identity Certificates
Import the .pfx file you exported
0
 

Author Closing Comment

by:SpokaneISD
ID: 34936458
I figured out the problem myself.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question