I cannot import certificate to CSACS SE 4.2

Unanswered Question
Mar 2nd, 2009
User Badges:

Hi, I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".

Does anyone have any recommendations?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
ansalaza Tue, 03/03/2009 - 05:50
User Badges:
  • Cisco Employee,

In an Appliance there is a key created when you make the Signing request.

This same key file/password are the ones you must specify at the installation of the Identity Certificate.

I don't think there is an option to install a private key when importing the CA Certificate.

The CA is installed under "ACS Certification Authority Setup"...

Ivan Martinon Tue, 03/03/2009 - 07:39
User Badges:
  • Cisco Employee,

There are 2 ways to install a certificate on an ACS appliance, the easiest one is generating a CSR (Certificate Sign in Request) from the ACS, copy the CSR format into your CA and then retreiving the Certificate from your CA and upload it via FTP to your ACS SE, this is easiest since the Private key that you define is generated by ACS SE and saved into it's System and into an FTP server with the correct format (PEM)

The other way, hardest, is generating the Certificate from the CA and exporting it to a PKCS12 format in which you will have the Identity Certificate and the Private key wrapped on a PFX file, then since ACS SE does not support this you will need to manage and process this with OPENSSL to change the encoding from Base64 to PEM and then extracting both the Certificate file and the Private key file which then you can import using an FTP server.

Leo Gal Wed, 01/12/2011 - 05:53
User Badges:

I ended up with the latter option and desperately need the process.

Could you provide some link, or detailed description of how to do it via OPEN SSL, pls?

Thank you


andamani Wed, 01/19/2011 - 07:11
User Badges:
  • Cisco Employee,

Please rate the posts if they have helped you, so that it is easier for others to find solution for the same problem.


This Discussion