2048-bit RSA private key for Cisco SG500 SSL Certificate, cannot import

jay.libove
Level 1

On a Cisco SG500-52 Small Business switch, I generated a new 2048-bit RSA private key and generated a Certificate Signing Request to submit to a CA. I received the new certificate from the CA and tried to import it into the SG500-52 switch. (Firmware version 1.2.7.76, boot 1.2.0.12)

It is not possible to paste the resulting certificate text into the Import box; the import box is limited to fewer characters than the length of a certificate for a 2048-bit key.....

Catch-22, anyone? (Or maybe better to say, Catch-2048?)

Is there a solution for this, perhaps in a newer firmware version? Can it be done at the CLI instead of through the web interface?

thanks,

Accepted Solutions

Prithvi Manduva
Cisco Employee

Hi Jay Libove,

You can try with the CLI too. Telnet or SSH to the switch and then:

#configure terminal

(config)# crypto certificate <1-2> import

It gives you a prompt:

Please paste the input .... etc

Copy and paste the certificate, and add a period (.) at the end.

See if this works. You need to have the certificate and private key; copying the certificate request wouldn't work.

Let me know if I can assist you further.

Thanks,

Prithvi

Thanks, Prithvi Please mark answered and rate for helpful posts.

Thanks Prithvi, that works.

A warning to all, the switch reset, or perhaps simply became totally unavailable (it stopped servicing network traffic), for one to two minutes as soon as I entered the trailing "." to terminate the certificate text input.

So, this is a disruptive operation.

But, when the switch came back (it still showed uptime of several days, so it wasn't a total reset), the certificate was in place, and does work.

I would still like to know if Cisco has fixed the problem with the too-small input limit on the web interface for certificate import. (And, now, also, if Cisco has fixed the problem of the certificate import causing a service disruption!)

thanks.

-Jay
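
Because the accepted answer says a certificate request will not import and the reply above reports that the import interrupts traffic, it is worth checking the text before pasting it at the prompt. The following is an added example, not code from this thread or from Cisco: it checks PEM structure only (block label, base64, outer DER length), not whether the certificate matches the switch's key. All function names are hypothetical and the sample DER is constructed, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def classify_pem(text):
    """Return [(label, verdict)] for every complete PEM block in text."""
    results = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                  # binascii.Error is a ValueError
            results.append((label, "corrupt base64"))
            continue
        if not der_sequence_ok(der):
            verdict = "truncated or malformed DER"
        elif label == "CERTIFICATE":
            verdict = "certificate"
        elif label.endswith("CERTIFICATE REQUEST"):
            verdict = "CSR, not the issued certificate"
        elif label.endswith("PRIVATE KEY"):
            verdict = "private key"
        else:
            verdict = "unexpected block"
        results.append((label, verdict))
    return results

def safe_to_paste(text):
    """True only for exactly one well-formed CERTIFICATE block."""
    return classify_pem(text) == [("CERTIFICATE", "certificate")]

def make_pem(label, der):
    """Build a constructed PEM block for testing (not a real certificate)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

TOY_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])  # constructed: SEQUENCE{INTEGER 5}
```

A paste that was cut off before the END line yields no complete block, so `safe_to_paste` returns False for it as well.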
