Importing Certificates on Content Switch CSS11501

cisco-pix
Level 1

Hi,

I am having some problems getting my certificate to work on my CSS. Here is what I have done:

1. Generated a CSR

ssl genrsa MyKey 1024 "MyPassword"

2. Associated the key pair

ssl assoc rsakey MyKeyAssoc MyKey

3. Generated a CSR

ssl gencsr MyKeyAssoc

and I sent this off to my provider, and got a certificate in return... the file was renamed as a .txt file, so I renamed it .der and did the following:

4. Copy Cert on to Content Switch

copy ssl ftp my-record import MyCertName.der DER "MyPassword"

5. Associate the Cert (HERE IS THE PROBLEM...)

ssl assoc cert MyCertNameAssoc MyCertName.der "MyPassword"

Here it comes back with an error of "Not a valid key or certificate file"

Any ideas?.........

3 Replies

Jagdeep Gambhir
Level 10

Could you check if the RSA key was passphrase protected? If so, then on import you need to specify the passphrase as the *second* key argument, like so:

copy ssl ftp DEFAULT_FTP import rsakey.pem PEM "mypassword" "passphrase"

If not, the CSS will not complain on import but will consider the RSA key invalid when you try to associate it. The first key argument ("mypassword") is the password used to DES encrypt the RSA-key before writing it to the CSS' permanent storage.

Regards,

~JG

No, there is no passphrase associated with the key.

I am thinking it is a problem around the format of the cert: I generated the CSR in .pem format, my provider are returning a cert in .cer format, which I rename .pem before importing.

It imports fine, but does not allow me to associate it?...

Can anyone help here??
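Both posts from the original poster describe renaming the file the provider returned (.txt to .der, .cer to .pem); a rename does not change the encoding, while the import command is told DER or PEM explicitly. The following is an added example, not part of the thread and not Cisco code, that reports which encoding a file actually holds before it is imported; the function names are hypothetical and the sample bytes are constructed stand-ins rather than a real certificate.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) whose length field fits."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        header, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def classify(data: bytes) -> str:
    """Report the encoding a file really holds, whatever its extension says."""
    m = PEM_BLOCK.search(data)
    if m:
        label = m.group(1).decode()
        try:
            body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            return "PEM armor with invalid base64"
        if not der_sequence_ok(body):
            return f"PEM ({label}), payload is not a DER SEQUENCE"
        return f"PEM ({label})"
    return "DER" if der_sequence_ok(data) else "unknown"


# Constructed stand-ins, not a real certificate: a SEQUENCE header plus 256 zero bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode()

if __name__ == "__main__":
    # The file names mirror the renames in the thread; the content decides the result.
    for name, blob in [("MyCertName.der", SAMPLE_PEM), ("MyCertName.pem", SAMPLE_DER)]:
        print(f"{name}: actually {classify(blob)}")
```

The check only inspects the outer wrapper (PEM armor, base64, and the top-level DER length); it does not validate the certificate contents or signature.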
