ASA 5510 can't save the Go Daddy cert

Hi,

I have an ASA 5510 installed with Go Daddy wildcard certs which are about to expire very soon. So we rekey the certs. But on this SSLVPN gateway I can't install it, showing the error %Error in saving certificate : Status=Failed

IOS: 8.04
ASDM 6.1

Any reason analysis and solutions are welcome.

Thanks
KevinLi70Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
import using .pfx may give a better chance as most experienced .pem (.crt) issue. The PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. Can import the gd_intermediate.crt from https://certs.godaddy.com/Repository.go

In ASDM, Configuration, Device Management, Certificate Management, CA Certificates; click Add, don't change any defaults, install from file, locate the gd_intermediate.crt file. This contain intermediate CA links your certificate back to a trusted root CA.
 Continuing... Loading gd_bundle.crt not necessarily works so I tend to skip that for time being. Thereafter, upon intermediate cert is loaded successfully, we can go to Identity Certificates (right below CA Certificates) and Add - to import from file (your converted .pfx file) with password entered for the latter.

Can try this convertor from pem to pfx https://www.sslshopper.com/ssl-converter.html
KevinLi70Author Commented:
Thank you btan for the answer.

I figured out the reason is due to the new SHA256 cert was not supported on ASA8.0. By updating to ASA8.2(5), the certs were able to installed successfully. Just no time to upgrade to the latest ver 9.x.

Thanks

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
KevinLi70Author Commented:
It is the reason
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.