We are currently using IronPort S370 as our web security. The certificate we are using is just the one that was generated by IronPort in the format of .pem. The certificate is already installed on 2000+ PCs. We are currently testing out Android devices on the network. My phone (Droid X w/ 2.3.3) works fine with the certificate. However, when trying out the Xoom tablet with OS 3.2.4, it will only accept a PKCS#12 certificate. If we would create a new certificate with OpenSSL and load it into IronPort, how bad will it mess things up? We are expecting that none of the machines will pass through till they have the new certificate. Is there any way to do a dual certificate and migrate people over slowly to the PKCS#12 certificate? Just looking for a possible solution to this mess. Any help would be appreciated.
From all the reading I've been doing and your post, when the certificate was generated on IronPort, it created the certificate and a key. However, you can only download the certificate to distribute to the computers. The downloaded certificate is only in a pem format, however I can convert to all types of other certificate formats without the key. For the Xoom, it requires the PKCS#12 format which includes the key also. Looking at everything, once I can find the key IronPort made, I can create the PKCS#12 certificate using a machine with OpenSSL. Is there a location this key can be found or a way to export it? I've been unable to find how to do that through the Manual. Searching the web more to see if I might be able to find a way.
You shouldn't be including the private key on the end-user devices as this would compromise the integrity of your certificate. They should only need the PUBLIC key to be able to trust that certification authority. I did see your issue in Windows of not being able to export as a PKCS#12 without having the private key. I did find this article:
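Added example, not part of the thread or of any article linked from it: assuming OpenSSL is installed, it uses a constructed throwaway CA in place of the appliance's certificate, converts the public certificate to DER and to a certificate-only PKCS#12 bundle, and audits that bundle for private keys before it would be distributed. File names and the bundle password are hypothetical, and whether a particular device accepts a key-less PKCS#12 file is not established in the thread.

```bash
#!/bin/sh
# Added example. All names, paths and passwords below are constructed.
set -eu
WORK=$(mktemp -d)

# Constructed stand-in for the appliance: a self-signed CA whose private key
# stays in "$WORK/appliance" and is never copied into a distributable file.
make_demo_ca() {
  mkdir -p "$WORK/appliance"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Proxy CA (constructed)" \
    -keyout "$WORK/appliance/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# PEM -> DER: same public certificate, binary encoding, no key required.
pem_to_der() { openssl x509 -in "$1" -outform DER -out "$2"; }

# PEM -> PKCS#12 holding only the certificate (-nokeys), no key required.
pem_to_p12_nokeys() {
  openssl pkcs12 -export -nokeys -in "$1" -out "$2" -passout "pass:$3"
}

# Audit: number of private keys stored inside a PKCS#12 bundle (want 0).
p12_key_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nodes 2>/dev/null \
    | grep -c 'BEGIN.*PRIVATE KEY' || true
}

# SHA-256 fingerprint of a certificate file; $2 is PEM or DER.
fingerprint() { openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256; }

# SHA-256 fingerprint of the certificate carried inside a PKCS#12 bundle.
p12_fingerprint() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256
}

demo() {
  make_demo_ca
  pem_to_der "$WORK/ca.pem" "$WORK/ca.crt"
  pem_to_p12_nokeys "$WORK/ca.pem" "$WORK/ca.p12" "demo-pass"
  echo "PEM : $(fingerprint "$WORK/ca.pem" PEM)"
  echo "DER : $(fingerprint "$WORK/ca.crt" DER)"
  echo "P12 : $(p12_fingerprint "$WORK/ca.p12" demo-pass)"
  echo "private keys in P12: $(p12_key_count "$WORK/ca.p12" demo-pass)"
}
demo
```

Matching fingerprints across the three files confirm that clients still trust the same CA, so the certificate on the appliance does not have to be regenerated just to change the file format.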