ACS 5.1 Unable to Parse Certificate

Unanswered Question
Jun 9th, 2010

I created a CSR using the web gui and got a signed cert back from thawte. When I try and go through the bind operation via web gui I get the following message:

Certificate Validation Error: 'Unable to Parse Certificate'.

all I can find in the logs is the following (acsmanagement log):

Jun 09 2010 15:42:49 com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:
1237) FATAL http-443-5 Acs.MGMT.GUI Unable to parse certificate
com.cisco.nm.acs.mgmt.bl.framework.exceptions.CertificateException: Unable to parse certificate
        at com.cisco.nm.acs.mgmt.bl.framework.certificate.CertificateHandler.populateCertFields(CertificateHandler.java:393)
        at com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1211)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.onBindCert(ACSCertificateStoreLPInputAction.java:6
02)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.bindCert(ACSCertificateStoreLPInputAction.java:527
)

Does anyone have any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
derekleuridan Thu, 06/10/2010 - 09:16

I figured it out.

Our client insisted they generate their own certificates (we hand them a csr, they come back with a certificate). The cert they were sending back was chained, PKCS#7 according to them.

Apparently the ACS doesn't like those. I requested an unchained x.509 cert from them and it went through without a hitch. Generating a CSR and joining it with a private key doesn't take much  more than two click, its fantastic.

Though administrative/management error handling and documentation on the 5.1 could use some work, I'm deeply in love the platform.

Actions

This Discussion