Cisco Support Community
New Member

ACS 5.1 Unable to Parse Certificate

I created a CSR using the web GUI and got a signed cert back from Thawte. When I try to go through the bind operation via the web GUI, I get the following message:

Certificate Validation Error: 'Unable to Parse Certificate'.

All I can find in the logs is the following (acsmanagement log):

Jun 09 2010 15:42:49 com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1237) FATAL http-443-5 Acs.MGMT.GUI Unable to parse certificate
com.cisco.nm.acs.mgmt.bl.framework.exceptions.CertificateException: Unable to parse certificate
        at com.cisco.nm.acs.mgmt.bl.framework.certificate.CertificateHandler.populateCertFields(CertificateHandler.java:393)
        at com.cisco.nm.acs.mgmt.gui.app.entities.ACSCertificateStoreGuiEntity.bindCert(ACSCertificateStoreGuiEntity.java:1211)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.onBindCert(ACSCertificateStoreLPInputAction.java:602)
        at com.cisco.nm.acs.mgmt.gui.app.actions.ACSCertificateStoreLPInputAction.bindCert(ACSCertificateStoreLPInputAction.java:527)

Does anyone have any ideas?

2 REPLIES
Cisco Employee

Re: ACS 5.1 Unable to Parse Certificate

Did you split the .pvk certificate into .pem using openssh? If yes, then there could be a high possibility that this certificate has some text line before its PEM content.

We do have an internal bug opened on this. Could you please share the cert or send it to me at jkatyal@cisco.com?


HTH

JK


Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: ACS 5.1 Unable to Parse Certificate

I figured it out.

Our client insisted they generate their own certificates (we hand them a CSR, they come back with a certificate). The cert they were sending back was chained, PKCS#7 according to them.

Apparently the ACS doesn't like those. I requested an unchained X.509 cert from them and it went through without a hitch. Generating a CSR and joining it with a private key doesn't take much more than two clicks; it's fantastic.

Though administrative/management error handling and documentation on the 5.1 could use some work, I'm deeply in love with the platform.
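
A pre-upload check for the two causes raised in this thread (a chained PKCS#7 bundle instead of a single X.509 certificate, and stray text before the PEM content), added here as an example and not taken from the posters or from Cisco. The function names, result keys and sample bytes are assumptions made for illustration, and the check does not reproduce the ACS parser itself.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 #]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

def der_kind(der: bytes) -> str:
    """Classify a DER blob by its first two tags (a heuristic, not a full parse)."""
    if len(der) < 4 or der[0] != 0x30:      # both structures are an outer SEQUENCE
        return "not-der"
    # Skip the length octets: one byte in short form, 1 + n bytes in long form.
    body = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if der[body:body + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
        return "pkcs7-signed-data"          # PKCS#7 ContentInfo opens with this OID
    if der[body:body + 1] == b"\x30":
        return "x509-like"                  # Certificate opens with tbsCertificate
    return "unknown-der"

def inspect_upload(data: bytes) -> dict:
    """Report what a file returned by a CA contains before it is uploaded."""
    blocks = list(PEM_BLOCK.finditer(data))
    if not blocks:                          # no PEM armour, so treat as raw DER
        kinds, labels, leading = [der_kind(data)], [], False
    else:
        labels = [m.group(1).decode() for m in blocks]
        leading = data[:blocks[0].start()].strip() != b""
        kinds = []
        for m in blocks:
            try:                            # the PEM label can lie, so check the DER
                kinds.append(der_kind(base64.b64decode(m.group(2))))
            except ValueError:              # binascii.Error is a ValueError
                kinds.append("bad-base64")
    return {"labels": labels, "kinds": kinds, "leading_text": leading,
            "single_x509": kinds == ["x509-like"] and not leading}

def pem_wrap(label: bytes, der: bytes) -> bytes:
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")

# Constructed stand-ins (not real certificates): just enough DER to show the shapes.
FAKE_CERT = bytes.fromhex("30053003020101")
FAKE_P7B = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")

if __name__ == "__main__":
    samples = {"plain": pem_wrap(b"CERTIFICATE", FAKE_CERT),
               "chained p7b": pem_wrap(b"CERTIFICATE", FAKE_P7B),
               "text first": b"Bag Attributes\n" + pem_wrap(b"CERTIFICATE", FAKE_CERT)}
    for name, blob in samples.items():
        print(name, inspect_upload(blob))
```

A result with `single_x509` false means the file should be converted or re-requested as a single certificate before attempting the bind.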
