2629 Views 0 Replies Latest reply: Jul 5, 2011 1:06 AM by Dani Petrov RSS


Installing wildcard certificate - error

Jul 5, 2011 1:06 AM

Dani Petrov 16 posts since
May 26, 2009

Hello guys, long time no see.

 

I'm not quite sure whether I'm posting in the right thread, so please correct me if I'm wrong.

 

Anyway, the problem is as the subject says: a problem with the installation of a wildcard certificate on a Cisco ASA 5520 (VPN Plus license). The software version is 8.2(2).

I noticed two issues. We've bought a wildcard certificate for our domains example.com, example.org. The certificate provider is GeoTrust.

 

The first problem is that I'm unable to install the complete certificate chain. If I install the Root CA of GeoTrust, I'm unable to install the subordinate CA, which has actually signed my cert, within the same trustpoint. The warning message says: "WARNING: Trustpoint GeoTrustRA is already authenticated." (This happens when I try to install the subordinate CA, which sits between the RA and my certificate, within the same trustpoint as the RA certificate.)

 

The second problem is the actual problem, however. When I try to install the wildcard certificate (PKCS12, with 10000% of password) using ASDM, I get the following error (actually, I did intentionally type the wrong password and I receive absolutely the same error):

 

asa_issue1.jpg

 

Here is the setup of the CA. As you can see, both certificates, which must rely on the same trustpoint as a chain, are divided into two trustpoint configurations:

 

asa_issue2.jpg

 

I tried to debug crypto ca 255 but there is nothing interesting within the log file.


If I try to add the subordinate certificate within the trustpoint where the RA is installed, I get the following error:

 

asa_issue3.jpg

 

When I try to manually install the wildcard certificate from the CLI (it's in Base64 format), I receive the following error:

 

CLI Issue

vpngw2(config)# crypto ca import GeoTrust pkcs12 password_here

Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgICekswDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
[cut]
RPg4gnOGlySGVA==
-----END CERTIFICATE-----
quit
ERROR: Import PKCS12 operation failed

 

Any thoughts, ideas, questions - whatever - are more than welcome!
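
An added example, not part of the original post: a quick check of what a pasted base64 blob actually contains before it is fed to a PKCS#12 import. It reads only the PEM label and the first DER bytes; the function names are illustrative, and the sample is constructed from the first base64 line shown in the CLI session above.

```python
import base64
import re

# Constructed sample: the PEM markers plus the first base64 line from the session above.
PASTED = ("-----BEGIN CERTIFICATE-----\n"
          "MIIEhjCCA26gAwIBAgICekswDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx\n"
          "-----END CERTIFICATE-----\n")

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)(?:-----END|\Z)", re.S)


def tlv(buf, pos):
    """Return (tag, length, value_offset) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n


def classify_der(der):
    """Identify the structure from the first two DER elements only."""
    if len(der) < 10:
        return "too short to classify"
    tag, _, inner = tlv(der, 0)
    if tag != 0x30:
        return "not a DER SEQUENCE"
    tag2, len2, val = tlv(der, inner)
    if tag2 == 0x02 and len2 == 1 and der[val] == 3:
        return "PKCS#12"                  # PFX ::= SEQUENCE { version INTEGER 3, ... }
    if tag2 == 0x30 and der[val] == 0xA0:
        return "X.509 certificate"        # tbsCertificate starting with [0] version
    return "other ASN.1 structure"


def classify_blob(text):
    """Return (PEM label or None, structure guessed from the DER header)."""
    m = PEM_RE.search(text)
    label, body = (m.group(1), m.group(2)) if m else (None, text)
    head = "".join(body.split())[:64]     # the header sits in the first bytes
    head = head[:len(head) // 4 * 4]      # keep whole base64 quanta
    return label, classify_der(base64.b64decode(head))


if __name__ == "__main__":
    print(classify_blob(PASTED))
```

A PKCS#12 bundle carries the private key together with the certificates, while a blob that classifies as an X.509 certificate holds a certificate only.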
