Can't install 3rd Party SSL into Cisco ASA 5505

Hello all

I have a Cisco ASA 5505 , running ASA Version 8.3(1), and ASDM version 6.3(1)

I cannot install a 3rd party (GoDaddy/Starfield tech) SSL certificate for the life of me.

Generating the CSR from the ASA itself I get "Failed to parse or verify imported certificate" even though the starfield specific root and intermediate certificates seem to install fine.

Someone in the Cisco support forums suggested generating the CSR from a windows computer, installing the cert on windows computer, and then exporting out to PKCS12 (.pfx), then importing into ASA afterward.

I'm met with Error Import PKCS12 operation failed.
LVL 3
Tom-J-LaelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Darkstriker69Commented:
Your best bet is to create the certificate request on the ASA. Here are some straightforward instructions for using the ASDM to create a certificate request. You will want to be sure to change the CN value to your match your DNS record.

https://www.digicert.com/csr-creation-cisco-asa-vpn.htm
Tom-J-LaelAuthor Commented:
Darkstriker69

Thanks for that info. I did see that before. Originally I did generate CSR from ASA itself, but had some much trouble I was willing to entertain generating it from elsewhere.

My problem was two fold

1. Needed to be SHA-1 , and not SHA-2. My best guess is because of the old ASA code ( 8.3.1)

2.  Secondly, the SSL I bought was for 3 years, but the Intermediate cert and root cert I guess are only good for 2.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tom-J-LaelAuthor Commented:
Because no one else presented a solution that worked. The one person who replied sent a link to KB article I had already seen and tried.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.