Move ASA Certificate to Firepower
Sometimes the CA Certificate is not included in the Certificate Chain on the ASA. Therefore you need to include it manually.
Step 1: First export the ASA certificate as a PKCS#12 file.
Step 2: Then convert the PKCS#12 file to binary format.
openssl base64 -d -a -in <PKCS#12file> -out <PKCS#12file.bin>
You can view the content of the pkcs12 file with the following command:
openssl pkcs12 -info -in web_cert_bin.p12 -nodes
The output also shows the private key and the certificate in PEM format. Because of -nodes, the private key is printed unencrypted.
Step 3: Add the CA certificate to the PKCS#12 file:
cat <signed_cert_filename> <intermediate.cert> [<intermediate2.cert>] > cert-chain.txt
openssl pkcs12 -export -in cert-chain.txt -inkey <private_key_filename> -name 'tomcat' -out keystore.p12
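Checks worth running around Step 3, as an added example that is not part of the original page: confirm the private key matches the signed certificate, confirm cert-chain.txt is ordered leaf first with each issuer following, then count the certificates in the finished keystore.p12. The function names, the file names asa.crt, asa.key and ca.crt, and the password demo-only are assumptions; the PKI is throwaway test data generated by the script.

```bash
#!/usr/bin/env bash
# Added example: checks to run around Step 3. All file names and the demo PKI
# are constructed for illustration; they are not from the original page.

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {   # usage: key_matches_cert <cert.pem> <key.pem>
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# True when the bundle holds at least two certificates, leaf first, and every
# certificate is followed by the certificate of its issuer.
chain_in_order() {     # usage: chain_in_order <cert-chain.txt>
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { if (n && substr($0, 9) != issuer) bad = 1; n++ }
         /^issuer=/  { issuer = substr($0, 8) }
         END { exit (n < 2 || bad) }'
}

# Prints how many certificates the finished PKCS#12 file carries.
p12_cert_count() {     # usage: p12_cert_count <keystore.p12> <password>
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Builds a throwaway CA and server certificate in directory $1 (test data only).
make_demo_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo Issuing CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout asa.key -out asa.csr \
      -subj "/CN=asa.example.test" 2>/dev/null &&
    openssl x509 -req -in asa.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out asa.crt -days 1 2>/dev/null )
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
cat "$demo_dir/asa.crt" "$demo_dir/ca.crt" > "$demo_dir/cert-chain.txt"
if key_matches_cert "$demo_dir/asa.crt" "$demo_dir/asa.key" &&
   chain_in_order "$demo_dir/cert-chain.txt"; then
  openssl pkcs12 -export -in "$demo_dir/cert-chain.txt" -inkey "$demo_dir/asa.key" \
    -name 'tomcat' -passout pass:demo-only -out "$demo_dir/keystore.p12"
  echo "certificates in keystore.p12: $(p12_cert_count "$demo_dir/keystore.p12" demo-only)"
fi
```

A count of 1 from p12_cert_count means the keystore still lacks the CA certificate, which is the situation the procedure is meant to correct.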