Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1148
Views
0
Helpful
2
Replies

ssl certificate creation error

c.chaplin
Level 1
Level 1

‎10-01-2003 06:40 AM - edited ‎02-20-2020 11:01 PM

I'm setting up a VPN 3000 Concentrator and for local administrative purposes I've created a self-signed CA, something to allow for https connections for our admins (generated on my own pc, copy/pasted into the web console). This seems to work fine. However, when I try to create an SSL certificate via the "generate" option (Administrations|Certificate Management|SSL Certificate) I'm given false details pertaining to geographical location (eg, Franklin, MA - which is not where I'm from :) ... The certificate itself works fine however and does contain accurate geographical data.

The interface does not allow me to create an SSL certificate manually:

- Copy/paste method complains of parsing errors (and no combination of pasting seems to work).

- upload from workstation complains that there is no file present (if from my linux workstation), or another parsing error (if from my windows workstation).

I would like to create an SSL certificate with accurate information but these snags are holding me back. Anyone have any ideas?

Thanks.

0 Helpful
2 Replies 2

drolemc
Level 6
Level 6

‎10-07-2003 07:00 AM

Information pertaining to you (in the certificate) is derived from the information you submit during enrollment. Make sure the information entered is accurate. Also, the subject of configuring digital certificates on the VPN concentrator is covered in-depth in the doc at http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/rel3_5_1/admin/certman.htm.

0 Helpful

c.chaplin
Level 1
Level 1
In response to drolemc

‎10-07-2003 10:52 AM

The link is quite useful, thanks for taking the time to reply. However, even after going through the steps involved with certificate enrollment and entering correct values I still receive errors when attempting to install the certificate. Here's a step-by-step description, assuming the CA is installed correctly and for all intents and purposes, running without a problem:

- "Click here to enroll with a Certificate Authority"

- "SSL certificate"

- "Enroll via PKCS10 Request (Manual)"

- enter appropriate values in each field

--> in this instance I'm using the IP address as the Common Name (as per instructions).

--> selecting RSA 1024 bits

- click Enroll

- pkcs****.txt pops up with a key value

- "Go to Certificate Installation"

- "Install certificate obtained via enrollment"

- Enrollment Status screen appears along with the cert I've just created

--> I notice that the Issuer field has N/A listed, is this related to the original CA that was created?

- click Install

- "Cut & Paste Text"

- paste all of the contents from the pop-up window and click Install

At this point I receive the following error

"Error installing SSL certificate: Bad file format."

Any ideas?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card