Solved

Can't install 3rd Party SSL into Cisco ASA 5505

Posted on 2014-11-11
3
1,131 Views
Last Modified: 2014-11-19
Hello all

I have a Cisco ASA 5505 , running ASA Version 8.3(1), and ASDM version 6.3(1)

I cannot install a 3rd party (GoDaddy/Starfield tech) SSL certificate for the life of me.

Generating the CSR from the ASA itself I get "Failed to parse or verify imported certificate" even though the starfield specific root and intermediate certificates seem to install fine.

Someone in the Cisco support forums suggested generating the CSR from a windows computer, installing the cert on windows computer, and then exporting out to PKCS12 (.pfx), then importing into ASA afterward.

I'm met with Error Import PKCS12 operation failed.
0
Comment
Question by:Tom-J-Lael
  • 2
3 Comments
 
LVL 5

Expert Comment

by:Darkstriker69
ID: 40436195
Your best bet is to create the certificate request on the ASA. Here are some straightforward instructions for using the ASDM to create a certificate request. You will want to be sure to change the CN value to your match your DNS record.

https://www.digicert.com/csr-creation-cisco-asa-vpn.htm
0
 
LVL 3

Accepted Solution

by:
Tom-J-Lael earned 0 total points
ID: 40443267
Darkstriker69

Thanks for that info. I did see that before. Originally I did generate CSR from ASA itself, but had some much trouble I was willing to entertain generating it from elsewhere.

My problem was two fold

1. Needed to be SHA-1 , and not SHA-2. My best guess is because of the old ASA code ( 8.3.1)

2.  Secondly, the SSL I bought was for 3 years, but the Intermediate cert and root cert I guess are only good for 2.
0
 
LVL 3

Author Closing Comment

by:Tom-J-Lael
ID: 40451918
Because no one else presented a solution that worked. The one person who replied sent a link to KB article I had already seen and tried.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question