Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

I cannot import certificate to CSACS SE 4.2

Hi, I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".

Does anyone have any recommendations?

7 REPLIES
Bronze

Re: I cannot import certificate to CSACS SE 4.2

In an Appliance there is a key created when you make the Signing request.

This same key file/password are the ones you must specify at the installation of the Identity Certificate.

I don't think there is an option to install a private key when importing the CA Certificate.

The CA is installed under "ACS Certification Authority Setup"...

Re: I cannot import certificate to CSACS SE 4.2

There are 2 ways to install a certificate on an ACS appliance, the easiest one is generating a CSR (Certificate Sign in Request) from the ACS, copy the CSR format into your CA and then retreiving the Certificate from your CA and upload it via FTP to your ACS SE, this is easiest since the Private key that you define is generated by ACS SE and saved into it's System and into an FTP server with the correct format (PEM)

The other way, hardest, is generating the Certificate from the CA and exporting it to a PKCS12 format in which you will have the Identity Certificate and the Private key wrapped on a PFX file, then since ACS SE does not support this you will need to manage and process this with OPENSSL to change the encoding from Base64 to PEM and then extracting both the Certificate file and the Private key file which then you can import using an FTP server.

New Member

Re: I cannot import certificate to CSACS SE 4.2

I ended up with the latter option and desperately need the process.

Could you provide some link, or detailed description of how to do it via OPEN SSL, pls?

Thank you

Leo

Cisco Employee

Re: I cannot import certificate to CSACS SE 4.2

Hi,

This link will give you details of open ssl commands:

http://www.sslshopper.com/article-most-common-openssl-commands.html

you can use this link as well to convert the certificates.

https://www.sslshopper.com/ssl-converter.html

Regards,

Anisha

New Member

Re: I cannot import certificate to CSACS SE 4.2

Thank you very much

Leo

Cisco Employee

Re: I cannot import certificate to CSACS SE 4.2

Please rate the posts if they have helped you, so that it is easier for others to find solution for the same problem.

Silver

I cannot import certificate to CSACS SE 4.2

Thanks...

Siddhartha

Siddhartha
998
Views
25
Helpful
7
Replies