Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS 11503 - SSl - Unable to clear/delete rsakey

Hi,

We have recently configured an ssl redirect service on the CSS11503. This works great.

The css was then cleared of all configuration including all ssl cert/key associations inorder to test recovery.

The problem we are experiencing is that there is a rsakey file that is shown as existing but cannot be used or deleted.

Can anyone explain this?

Also when the generated digital certificates have been authenticated by Verisign. When trying to download to cisco a vendor code is required which we do not have?

Has anyone had similar problems?

3 REPLIES
Cisco Employee

Re: CSS 11503 - SSl - Unable to clear/delete rsakey

did you try the command 'ssl clearfiles' from the llama/debug mode ?

Is it the CSS requesting the vendor code ?

What is the exact sentence ?

Thanks,

Gilles.

New Member

Re: CSS 11503 - SSl - Unable to clear/delete rsakey

Gilles

This is the query raised by the customer:-

'On applying for a SSL Certificate from Verisign using a CSR produced on the CSS there is a requirement to provide the SSL server software vender. Neither Cisco nor WebNS appears on the options for the list and Verisign have advised that Cisco should be able to provide a suitable answer to this question'

We have been unable to find the SSL server software vendor

New Member

Re: CSS 11503 - SSl - Unable to clear/delete rsakey

Ravi,

There are multiple types supported by the CSS SSL Module and WebNS.

If you select apache, you will get a PEM certificate.

WIN2000 IIS 5 uses PKCS12, and NT IIS4 uses DER

PEM, DER, and PKCS12 is supported by the CSS.

This info can be found at

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157875.html#1063169

I generally tell people to select apache, but the others should work. I agree, Cisco should be listed at the Apache website.

279
Views
0
Helpful
3
Replies