Can't install 3rd Party SSL into Cisco ASA 5505

Tom-J-Lael
Tom-J-Lael used Ask the Experts™
on
Hello all

I have a Cisco ASA 5505 , running ASA Version 8.3(1), and ASDM version 6.3(1)

I cannot install a 3rd party (GoDaddy/Starfield tech) SSL certificate for the life of me.

Generating the CSR from the ASA itself I get "Failed to parse or verify imported certificate" even though the starfield specific root and intermediate certificates seem to install fine.

Someone in the Cisco support forums suggested generating the CSR from a windows computer, installing the cert on windows computer, and then exporting out to PKCS12 (.pfx), then importing into ASA afterward.

I'm met with Error Import PKCS12 operation failed.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
Darkstriker69

Commented:
Your best bet is to create the certificate request on the ASA. Here are some straightforward instructions for using the ASDM to create a certificate request. You will want to be sure to change the CN value to your match your DNS record.

https://www.digicert.com/csr-creation-cisco-asa-vpn.htm
Commented:
Darkstriker69

Thanks for that info. I did see that before. Originally I did generate CSR from ASA itself, but had some much trouble I was willing to entertain generating it from elsewhere.

My problem was two fold

1. Needed to be SHA-1 , and not SHA-2. My best guess is because of the old ASA code ( 8.3.1)

2.  Secondly, the SSL I bought was for 3 years, but the Intermediate cert and root cert I guess are only good for 2.
Tom-J-Lael

Author

Commented:
Because no one else presented a solution that worked. The one person who replied sent a link to KB article I had already seen and tried.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial