VPN 3000 L2L with cert

Apr 17th, 2009

Hi All!


I have a problem.

I have been trying to configure a VPN 3000 series concentrator to use LAN-to-LAN connections with certificates.


I got the root CA cert and I installed it successfully on the device. And we have our certificate in a .p12 file with a password.

I don't know how I can install this certificate in the "Identity Certificates" section.

All of the user guides say to send a cert request, but I don't want to because we already have a cert.

What type of file does the VPN3000 expect? I mean, when the cert request is in progress, you can install the received cert, but what is the extension and format of the file?


Any idea?


Thanks and regards.

Gabor

Ivan Martinon Fri, 04/17/2009 - 07:14
User Badges: Cisco Employee

Hi Gabor, as far as I know the VPN concentrator will only accept PKCS10 certs and not PKCS12, so you will need to convert your p12 certificate to PEM format from base 64 so that you can extract the private key and the certificate from it using OpenSSL.

hegegabor Tue, 04/21/2009 - 07:43

Hi, it's okay, but I don't understand something.

Actually, I don't want to enroll via request.

If I create a cert request on the VPN 3000, it stores the private key and gives me a request "file". But I already have a private key in my p12 file, and this is not the same, and it is signed.


How can I install without a request?

Or do I have to create a request and sign it with the CA?

Please tell me what I can do.


Ty, regards

Gabor

Ivan Martinon Tue, 04/21/2009 - 07:53
User Badges: Cisco Employee

I think I did not explain myself. When using the certificate installation in P12, you have the ID cert along with the private key that your CA gave you. To be able to import this to your box, you need to find a way to first change the encoding of the P12 file to DER (I believe); this will allow you to open the p12 file with Notepad and see the key chain for the cert and key. To do so you need to use OpenSSL, as you need to manipulate the certificate p12 file. As for the other comments, the concentrator only supports CER files to be installed manually (which of course do not have the key) or SCEP.
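
The OpenSSL step that both replies above point to, as an added example that is not part of the original thread: it splits a password-protected .p12 into a PEM certificate and a PEM private key, then confirms the two belong together. The demo bundle, file names, CN, passphrase and the `P12_PASS` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File names, the CN and the password are
# constructed for the demo. The passphrase travels in $P12_PASS so it never
# shows up in the process list.

# Stand-in for the CA-issued bundle: throwaway self-signed identity in a .p12.
make_demo_p12() {   # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=l2l-demo.example" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -name l2l-demo -passout env:P12_PASS -out "$1/id.p12"
}

# Split a PKCS#12 file into a PEM identity cert and a PEM private key.
split_p12() {       # $1 = .p12 file, $2 = output dir
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys \
        -out "$2/id-cert.pem" 2>/dev/null || return 1
    # The key stays passphrase-encrypted and readable only by its owner.
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
          -passout env:P12_PASS -out "$2/id-key.pem" 2>/dev/null )
}

# Succeeds only when the certificate's public key equals the key's public half.
key_matches_cert() { # $1 = cert PEM, $2 = key PEM
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:P12_PASS -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run on constructed data.
P12_PASS='constructed-demo-pass'; export P12_PASS
work=$(mktemp -d)
make_demo_p12 "$work" && split_p12 "$work/id.p12" "$work" &&
    key_matches_cert "$work/id-cert.pem" "$work/id-key.pem" &&
    echo "id-cert.pem and id-key.pem belong together"
rm -rf "$work"
```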
