
ACE4710 Show crypto files displays file size mismatch

dschelberg
Level 1

For some reason, when I compare backup and active ACE4710 cert sizes I have a size mismatch on 2 certs. I have done everything I can think of to eliminate this mismatch in size. I start off on the active with crypto import terminal xyz.pem, after which a show crypto files displays as, say, 1800. Then, through a console session with PuTTY, I attach to the backup, where I use the export from the master and run the same import command, then show crypto file again, where there is a significant file size difference. Could this be a result of the serial connection versus the telnet session otherwise on the master? I know that the master is using the correct file size cert, as it is up and tested, whereas unless I do a failover to the backup I do not know the cert will work, and as well crypto verify shows both sets match on active and backup. Right now I am in a warm standby state for ft as a result. Thanks.

2 Replies

fadlouni
Level 1

Hi.

Make sure your terminal application isn't adding white spaces; this could cause this issue. A common mistake is to copy/paste while selecting not only the text but some more spaces as well.

Also verify if the cert can be decoded by doing show crypto certificate FILENAME.

Regards,

Fadi.

Hi,

Figured out a fix. What I later came to realize is that I had originally uploaded the key and cert PEM through FTP as one file, which the system then separated, and the resulting file sizes from this procedure did not match my copy and paste import file size for the two already separate files. As well, I was very careful about white space, and verify was done on both active and backup ACEs and the key pair in question. I was able to fix the problem by exporting from the copy and paste version and then re-importing to the other device, also through the terminal, then using the new ones in the SSL proxy config for the pair in question. Then delete the FTP uploaded cert and key. Thanks for your help.
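An added example, not part of the thread: one way to check off-box whether two exported PEM files carry the same certificate or key even though their file sizes differ, by hashing the decoded bytes of each PEM block instead of comparing sizes. The function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate or key.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def pem_fingerprints(text):
    """Return [(label, sha256-of-decoded-bytes)] for every PEM block in text."""
    result = []
    for label, body in PEM_BLOCK.findall(text):
        # Strip every space, CR and LF so terminal/paste artifacts do not matter.
        raw = base64.b64decode("".join(body.split()))
        result.append((label, hashlib.sha256(raw).hexdigest()))
    return result

def same_block(text_a, text_b, label):
    """True if both texts hold at least one `label` block and the blocks match."""
    a = {h for l, h in pem_fingerprints(text_a) if l == label}
    b = {h for l, h in pem_fingerprints(text_b) if l == label}
    return bool(a) and a == b

def to_pem(label, raw, eol="\n"):
    """Helper for the constructed samples: wrap raw bytes as a PEM block."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return eol.join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + eol

# Constructed placeholder bytes standing in for a certificate and a key.
CERT_BYTES = bytes(range(256)) * 3
KEY_BYTES = bytes(reversed(range(256))) * 2

# Key and cert uploaded as one file (the FTP case in the thread).
COMBINED_UPLOAD = to_pem("RSA PRIVATE KEY", KEY_BYTES) + to_pem("CERTIFICATE", CERT_BYTES)
# Cert pasted through a terminal: CRLF line endings plus stray trailing spaces.
PASTED_CERT = to_pem("CERTIFICATE", CERT_BYTES, eol="\r\n") + "  \r\n"
# Cert as a clean LF-terminated file.
CLEAN_CERT = to_pem("CERTIFICATE", CERT_BYTES)

if __name__ == "__main__":
    samples = [("combined", COMBINED_UPLOAD), ("pasted", PASTED_CERT), ("clean", CLEAN_CERT)]
    for name, text in samples:
        print(name, len(text.encode()), "bytes", pem_fingerprints(text))
    print("pasted vs clean cert match:", same_block(PASTED_CERT, CLEAN_CERT, "CERTIFICATE"))
```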
