Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Importing Certificates on Content Switch CSS11501


I am having some problems getting my certificate to work on my CSS. Here is what I have done:

1. Generated a CSR

ssl genrsa MyKey 1024 "MyPassword"

2. Associated the key pair

ssl assoc rsakey MyKeyAssoc MyKey

3. Generated a CSR

ssl gencsr MyKeyAssoc

and I sent this off to my provider, and got a certificate in return... the file was renamed as a .txt file, so I renamed it .der and did the following:

4. Copy Cert on to Content Switch

copy ssl ftp my-record import MyCertName.der DER "MyPassword"

5. Associate the Cert (HERE IS THE PROBLEM...)

ssl assoc cert MyCertNameAssoc MyCertName.der "MyPassword"

Here it comes back with an error of "Not a valid key or certificate file"

Any ideas?.........


Re: Importing Certificates on Content Switch CSS11501

Could you check if the RSA key was passphrase protected ? If so, then on import you need to specify the passphrase as the *second* key argument, like so :

copy ssl ftp DEFAULT_FTP import rsakey.pem PEM "mypassword" "passphrase"

If not, the CSS will not complain on import but will consider the RSA key invalid when you try to associate it. The first key argument ("mypassword") is the password used to DES encrypt the RSA-key before writing it to the CSS' permanent storage.



New Member

Re: Importing Certificates on Content Switch CSS11501

No:- there is no passphrase associated with the key.

I am thinking it is a problem around the format of the cert: I generated the CSR in .pem format, my provider are returning a cert in .cer format, which I rename .pem before importing.

It imports fine, but does not allow me to associate it?...

New Member

Re: Importing Certificates on Content Switch CSS11501

Can anyone help here??