Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS rsacert.pem file lost password


I know this is a long shot, however:

I have a pair of CSS’s in an active/standby VRRP cluster. Both CSS switches have identical configurations with the exception of a VeriSign certificate which is only loaded on the master CSS. I’m trying to import the VeriSign certificate to the second CSS to provide full resilience; the trouble is that I don’t have the password to the RSA certificate key on the master CSS.

Here are some show outputs that perhaps explain this better:

CSS11501# sh ssl ass

Certificate Name File Name Used by List

---------------- --------- ------------

clientrsacert clientrsacert.txt yes

clientrsakey clientcert.txt no

RSA Key Name File Name Used by List

------------ --------- ------------

clientrsakey client.pem yes

DH Param Name File Name Used by List

------------- --------- ------------

DSA Key Name File Name Used by List

------------ --------- ------------

I have the password for the clientrsacert file which contains the signed certificate, however, I don’t have the password for the RSA key file, therefore, cannot transfer this to the other CSS. I’m assuming that the RSA key pair used to generate the CSR is required?

Any advice on what I should do next would be greatly appreciated?



  • Application Networking
New Member

Re: CSS rsacert.pem file lost password


As the Americans say, "you are hosed". If the original key was generated on the CSS and the hashing password is lost, there is no way to get the key. The solution is to generate a new keypair and CSR, have your CA sign the new CSR, then import the new cert to each CSS. You can also export the new keypair from one and import to the other, as you will know the passphrase used for this key.