It would be nice if CSRs generated through the web interface were compliant with OpenSSL.
The problem is that CSRs can not be parsed by OpenSSL the way that they are shown in the HTML page:
openssl req -in csr.txt -noout -text says:
unable to load X509 request
139838211532448:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:805:
The reason for this is simple: OpenSSL expects the CSR to be wrapped after 64 characters but the SG300 generates them in a single line. Manually rewrapping the CSR allowed me to process the CSR in OpenSSL – but that's a fact that took about 8h to figure out...
Also: I was not able to import a public/private key combination that was generated through OpenSSL. One of the reasons is that the SG300 expects the banner for the public key to be BEGIN RSA PUBLIC KEY whereas OpenSSL seems to use BEGIN PUBLIC KEY. Even after fixing the header, all I managed to get was Failed to load public key. Finally, I gave up trying and used the CSR way to install the certificate. It would be great if the SSL handling were a little smoother. Thanks!
Firmware version is 126.96.36.199