ACS 5.1 Unable to Parse Certificate

Unanswered Question
Jun 9th, 2010
User Badges:

I created a CSR using the web gui and got a signed cert back from thawte. When I try and go through the bind operation via web gui I get the following message:


Certificate Validation Error: 'Unable to Parse Certificate'.


all I can find in the logs is the following (acsmanagement log):


Jun 09 2010 15:42:49 com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:
1237) FATAL http-443-5 Acs.MGMT.GUI Unable to parse certificate
com.cisco.nm.acs.mgmt.bl.framework.exceptions.CertificateException: Unable to parse certificate
        at com.cisco.nm.acs.mgmt.bl.framework.certificate.CertificateHandler.populateCertFields(CertificateHandler.java:393)
        at com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1211)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.onBindCert(ACSCertificateStoreLPInputAction.java:6
02)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.bindCert(ACSCertificateStoreLPInputAction.java:527
)


Does anyone have any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
derekleuridan Thu, 06/10/2010 - 09:16
User Badges:

I figured it out.


Our client insisted they generate their own certificates (we hand them a csr, they come back with a certificate). The cert they were sending back was chained, PKCS#7 according to them.


Apparently the ACS doesn't like those. I requested an unchained x.509 cert from them and it went through without a hitch. Generating a CSR and joining it with a private key doesn't take much  more than two click, its fantastic.


Though administrative/management error handling and documentation on the 5.1 could use some work, I'm deeply in love the platform.

Actions

This Discussion