

Installing wildcard certificate - error

Jul 5, 2011 1:06 AM

Dani Petrov 16 posts since
May 26, 2009

Hello guys, long time no see.


I'm not quite sure whether I'm posting in the right thread, so please correct me if I'm wrong.


Anyway, the problem is as the subject says: a problem with the installation of a wildcard certificate on a Cisco ASA 5520 (VPN Plus license). The software version is 8.2(2).

I noticed two issues. We've bought a wildcard certificate for our domains; the certificate provider is GeoTrust.


The first problem is that I'm unable to install the complete certificate chain. If I install the Root CA of GeoTrust, I'm unable to install the subordinate CA, which has actually signed my cert, within the same trustpoint. The warning message says "WARNING: Trustpoint GeoTrustRA is already authenticated." (This happens when I try to install the subordinate CA, which sits between the RA and my certificate, within the same trustpoint as the RA certificate.)


The second problem is the actual problem, however. When I try to install the wildcard certificate (PKCS12, 10000% sure of the password) using ASDM, I got the following error: (actually, I did intentionally type the wrong password and I receive absolutely the same error)




Here is the CA setup. As you can see, both certificates, which must rely on the same trustpoint as a chain, are divided into two trustpoint configurations:




I tried to debug crypto ca 255 but there is nothing interesting within the log file.

If I try to add the subordinate certificate within the trustpoint where the RA is installed, I got the following error:




When I try to manually install the wildcard certificate from the CLI (it's in Base64 format), I do receive the following error:


CLI Issue

vpngw2(config)# crypto ca import GeoTrust pkcs12 password_here

Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:

ERROR: Import PKCS12 operation failed


Any thoughts, ideas, questions - whatever - are more than welcome!

