Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Importing pkcs12 certificate on SSL ver 3.1

I am having a problem getting a pkcs12 certificate imported onto an SSL module with software version 3.1(1). This is a brand new SSL module. When I import using command from config mode "crypto pki import tp-name pkcs12 nvram:cert-name passphrase", the trustpoint gets created and two certificates install. The root and the intermediate. The server certificate does not get installed.

We have problem done this 3 to 4 dozen times on our other SSL module in the exact same manner. It is running version 2.1(2).

I have opened the pkcs12 file with openssl and see all three certificates along with the private key, so I know that they are all there.

Thank you for your assistance in this matter.

New Member

Re: Importing pkcs12 certificate on SSL ver 3.1

I was notified by TAC engineer that this is a bug in 3.1(1) code. Our Root CA and Intermediate CA public key size is greater than 2048 bits. They say that is the limit on the size for importing of PKCS12 certificate. Ours are 4096 bits.