Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACE4710 Show crypto files displays file size mismatch

For some reason when I compare backup and active ACE4710 certs size I have a size mismatch on 2 certs. I have done everything I can think of to elimanate this mismatch in size. I start off on the active with crypto import terminal xyz.pem which then a show crypto files displays as say 1800 then through a console session with putty I attach to the backup where i use the export from the master and run the same import command then show crypto file again where there is a  significant file size difference. Could this be as a result of the serial connection versus the telnet session otherwise on the master? I know that the master is using the correct file size cert as it is up and tested where unless I do a failover to the backup I do not know the cert will work and as well crypto verify shows both sets match on active and backup?  Right now I am in a warm standby state for ft as a result. Thanks.

2 REPLIES
Bronze

Re: ACE4710 Show crypto files displays file size mismatch

Hi.

Make sure your terminal application isn't adding *white* spaces, this could cause this issue. a common mistake is to copy/paste while selecting not only the text but some more spaces as well.

also verify if the cert can be decoded by doing show crypto certificate FILENAME.

Regards,

Fadi.

New Member

Re: ACE4710 Show crypto files displays file size mismatch

Hi,

Figured out a fix. What I later came to realize is that I had originally uploaded through FTP the key and cert pem as one file which then the system seperated (with an ultimate  file size based on this procedure) did not later match my copy and paste import file size for the two already seperate files. As well I was very carefull about white space and verify was done on both active and backup ACEs and the key pair in question. I was able to fix the problem by exporting from the copy and paste version and then re importing to the other device also through the terminal then use the new ones in the SSL proxy config for the pair in question. Then delete the FTP uploaded cert and key.Thanks for your help.

485
Views
5
Helpful
2
Replies
CreatePlease to create content