Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ssl certificate creation error

I'm setting up a VPN 3000 Concentrator and for local administrative purposes I've created a self-signed CA, something to allow for https connections for our admins (generated on my own pc, copy/pasted into the web console). This seems to work fine. However, when I try to create an SSL certificate via the "generate" option (Administrations|Certificate Management|SSL Certificate) I'm given false details pertaining to geographical location (eg, Franklin, MA - which is not where I'm from :) ... The certificate itself works fine however and does contain accurate geographical data.

The interface does not allow me to create an SSL certificate manually:

- Copy/paste method complains of parsing errors (and no combination of pasting seems to work).

- upload from workstation complains that there is no file present (if from my linux workstation), or another parsing error (if from my windows workstation).

I would like to create an SSL certificate with accurate information but these snags are holding me back. Anyone have any ideas?



Re: ssl certificate creation error

Information pertaining to you (in the certificate) is derived from the information you submit during enrollment. Make sure the information entered is accurate. Also, the subject of configuring digital certificates on the VPN concentrator is covered in-depth in the doc at

New Member

Re: ssl certificate creation error

The link is quite useful, thanks for taking the time to reply. However, even after going through the steps involved with certificate enrollment and entering correct values I still receive errors when attempting to install the certificate. Here's a step-by-step description, assuming the CA is installed correctly and for all intents and purposes, running without a problem:

- "Click here to enroll with a Certificate Authority"

- "SSL certificate"

- "Enroll via PKCS10 Request (Manual)"

- enter appropriate values in each field

--> in this instance I'm using the IP address as the Common Name (as per instructions).

--> selecting RSA 1024 bits

- click Enroll

- pkcs****.txt pops up with a key value

- "Go to Certificate Installation"

- "Install certificate obtained via enrollment"

- Enrollment Status screen appears along with the cert I've just created

--> I notice that the Issuer field has N/A listed, is this related to the original CA that was created?

- click Install

- "Cut & Paste Text"

- paste all of the contents from the pop-up window and click Install

At this point I receive the following error

"Error installing SSL certificate: Bad file format."

Any ideas?