Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

TLS Certificates on C150

Hello,

i have some troubles to renew my certificates on my two C150 appliances.

2008 i used openSSL to generate the request and install the new certificate with CLI.

The certificate is now expired and i generate a new request with openSSL, send it to geotrust and got a new certificate.

I used openSSL:

openssl genrsa -des3 -out server.key 2048                               to generate the keyfile

openssl rsa -in server.key -out server.key.PEMunsecure      to convert the keyfile

openssl req -new -key server.key -out server.csr                    to generate the request

got the certificate from external CA and then convert:

openssl x509 -inform der -in server.cer -out server.pem        to convert the certificate from the CA to PEM format

When i start to install the certificate (via certificate --> PASTE or webpage) i always get the message: "The key does not sign certificate."

What does this mean?

1 REPLY
Cisco Employee

Re: TLS Certificates on C150

Greetings,

In short this error indicates that the key provided does not match the certificate. Was the key generated on the same system you are attempting to install the certificate on?  You may want to open a support request with customer support. We will be more than happy to assist you with this issue.


Christopher C Smith
CSE

Cisco IronPort Customer Support 

936
Views
0
Helpful
1
Replies