ACS 5.1 Unable to Parse Certificate

derekleuridan
Level 1

I created a CSR using the web GUI and got a signed cert back from Thawte. When I try and go through the bind operation via the web GUI I get the following message:

Certificate Validation Error: 'Unable to Parse Certificate'.

All I can find in the logs is the following (acsmanagement log):

Jun 09 2010 15:42:49 com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1237) FATAL http-443-5 Acs.MGMT.GUI Unable to parse certificate
com.cisco.nm.acs.mgmt.bl.framework.exceptions.CertificateException: Unable to parse certificate
        at com.cisco.nm.acs.mgmt.bl.framework.certificate.CertificateHandler.populateCertFields(CertificateHandler.java:393)
        at com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1211)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.onBindCert(ACSCertificateStoreLPInputAction.java:602)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.bindCert(ACSCertificateStoreLPInputAction.java:527)

Does anyone have any ideas?

2 Replies

Jatin Katyal
Cisco Employee

Did you split the .pvk certificate into .pem using openssh? If yes, then there could be a high possibility that this certificate has some text line before its PEM content.

We do have an internal bug opened on this. Could you please share the cert or send it to me at jkatyal@cisco.com?


HTH

JK


Do rate helpful posts-

~Jatin

I figured it out.

Our client insisted they generate their own certificates (we hand them a CSR, they come back with a certificate). The cert they were sending back was chained, PKCS#7 according to them.

Apparently the ACS doesn't like those. I requested an unchained X.509 cert from them and it went through without a hitch. Generating a CSR and joining it with a private key doesn't take much more than two clicks; it's fantastic.

Though administrative/management error handling and documentation on the 5.1 could use some work, I'm deeply in love with the platform.
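
A pre-flight check for the two causes raised in this thread (text before the PEM content, and a PKCS#7 bundle where a single X.509 certificate is expected), as an added example that is not part of the original posts and is not Cisco code. The function names are hypothetical, the classification is a heuristic on the first DER element, and accepting only one certificate per file is an assumption modelled on the resolution above.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData).
PKCS7_SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _der_kind(der):
    """Classify DER bytes by the first element inside the outer SEQUENCE."""
    if len(der) < 4 or der[0] != 0x30:
        return "unknown"
    # Skip the outer length: short form is 1 byte, long form is 1 + n bytes.
    body = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if der[body:body + len(PKCS7_SIGNED_DATA_OID)] == PKCS7_SIGNED_DATA_OID:
        return "pkcs7"   # ContentInfo starts with the signedData OID
    if der[body:body + 1] == b"\x30":
        return "x509"    # Certificate starts with the tbsCertificate SEQUENCE
    return "unknown"


def inspect_cert_file(data):
    """Return (kinds, leading_text) for a file received from a CA."""
    text = data.decode("latin-1")
    blocks = list(PEM_BLOCK.finditer(text))
    if not blocks:       # no PEM armor: treat the file as raw DER
        return [_der_kind(data)], False
    kinds = [_der_kind(base64.b64decode("".join(m.group(2).split())))
             for m in blocks]
    # Anything other than whitespace before the first BEGIN line counts.
    leading_text = bool(text[:blocks[0].start()].strip())
    return kinds, leading_text


def safe_to_bind(data):
    """True only for one X.509 certificate with no text in front of it."""
    kinds, leading_text = inspect_cert_file(data)
    return kinds == ["x509"] and not leading_text
```

When the check reports `pkcs7`, the certificates can be pulled out of the bundle with `openssl pkcs7 -print_certs -in bundle.p7b -out certs.pem`, where both file names are placeholders.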