Solved

Help installing wildcard cert onto Cisco ASA

Posted on 2013-11-13
3
2,161 Views
Last Modified: 2014-01-11
Hi guys,

Can someone help me with installing a wildcard cert onto my ASA.

I already have the cert (created on Windows) with the private and public keys, and the CA certs.

I have created a trustpoint for the CA and installed the CA cert. I've converted the cert using OpenSSL to PCKS12. I am getting problems importing the identity cert.

The commands I have tried entering and output are as follows.

crypto ca import <trustpoint> pkcs12 ****

Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
-----BEGIN PKCS12-----
<snip>
-----END PKCS12-----
quit
ERROR: Import PKCS12 operation failed

crypto ca import <trustpoint> pkcs12 ****

Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
<snip>
quit
ERROR: Import PKCS12 operation failed

<snip> is the text output from OpenSSL.

Thanks.
0
Comment
Question by:InteraX
  • 2
3 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 39644524
Try using a unix-compatible text editor such as Notepad++ or Programer's File Editor.  Open the cert with one of those, and then copy/paste it into your config.
0
 
LVL 16

Accepted Solution

by:
InteraX earned 0 total points
ID: 39644544
I only use notepad++. It's very strange. I've managed to import the pfx using ASDM, but as I'm using Cisco Security Manager to manage our firewalls (we have over 30) this doesn't really help me very much.
0
 
LVL 16

Author Closing Comment

by:InteraX
ID: 39773100
Was unable to import cert from the command line. Had to import it via the GUI.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 173
Web Fraud scenarios to PoC F5  web fraud prevention 7 49
Monitor Bandwidth throughput in Fortigate 100D 1 35
ASA5510 Blocking a Wanted Website/Host 9 26
There is a question posted at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28324159.html) and i…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question