Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2048-bit RSA private key for Cisco SG500 SSL Certificate, cannot import

On a Cisco SG500-52 Small Business switch, I generated a new 2048-bit RSA private key and generated a Certificate Signing Request to submit to a CA. I received the new certificate from the CA and tried to import it in to the SG500-52 switch. (Firmware version 1.2.7.76, boot 1.2.0.12)

It is not possible to paste the resulting certificate text into the Import box; the import box is limited to less characters than the length of a certificate for a 2048-bit key.....

Catch-22, anyone? (Or maybe better to say, Catch-2048?)

Is there a solution for this, perhaps in a newer firmware version? .. can it be done at the CLI instead of through the web interface?

thanks,

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 2048-bit RSA private key for Cisco SG500 SSL Certificate, ca

Hi Jay Libove,

You can try with cli too. Telnet or ssh to the switch and then

#configure terminal

(config)# crypto certificate <1-2> import

it gives you a prompt

Please paste the input .... etc

copy and paste the certificate and at the end add a period (.) at the end.

See if this work. But you need to have certificate and Private key but copying the certificate request wouldn't work.

Let me know if i can assist you further.

Thanks,

Prithvi

Thanks, Prithvi Please mark answered and rate for helpful posts.
2 REPLIES
Cisco Employee

Re: 2048-bit RSA private key for Cisco SG500 SSL Certificate, ca

Hi Jay Libove,

You can try with cli too. Telnet or ssh to the switch and then

#configure terminal

(config)# crypto certificate <1-2> import

it gives you a prompt

Please paste the input .... etc

copy and paste the certificate and at the end add a period (.) at the end.

See if this work. But you need to have certificate and Private key but copying the certificate request wouldn't work.

Let me know if i can assist you further.

Thanks,

Prithvi

Thanks, Prithvi Please mark answered and rate for helpful posts.
New Member

Re: 2048-bit RSA private key for Cisco SG500 SSL Certificate, ca

Thanks Prithvi, that works.

A warning to all, the switch reset, or perhaps simply became totally unavailable (it stopped servicing network traffic), for one to two minutes as soon as I entered the trailing "." to terminate the certificate text input.

So, this is a disruptive operation.

But, when the switch came back (it still showed uptime of several days, so it wasn't a total reset), the certificate was in place, and does work.

I would still like to know if Cisco has fixed the problem with the too-small input limit on the web interface for certificate import. (And, now, also, if Cisco has fixed the problem of the certificate import causing a service disruption!)

thanks.

-Jay

690
Views
10
Helpful
2
Replies
CreatePlease login to create content