topic Cisco ACE key.pem import error in Application Networking

Cisco ACE key.pem import error

rayyaan fayker — Fri, 03 Jan 2014 10:13:12 GMT

after extracting the Cert.pem and Key.pem from the PXF file.

i am get the following error trying to import the Key.pem file to the ACE

ENG-CTN-ACE01/Admin# crypto import tftp 10.3.31.249 key5.pem key5

Trying to connect to tftp server......

!!!!!!!

TFTP get operation was successful

3294 bytes copied

Successfully imported file from remote server.

Error: File not of supported key or certificate type - RSA, import failed.

ENG-CTN-ACE01/Admin#

* i have decrypted the key.pem and tried adding the key manually with crypto import terminal command but still getting the same error.

can you please assist as want am i doing wrong.

the cert has been uploaded successfully.

Filename File File Expor Key/

Size Type table Cert

-----------------------------------------------------------------------

cisco-sample-cert 1082 PEM Yes CERT

cisco-sample-key 887 PEM Yes KEY

wildcard-20140102.cer 1459 DER Yes CERT

Thanks

rayyaan

Cisco ACE key.pem import error

Kanwaljeet Singh — Fri, 03 Jan 2014 13:52:49 GMT

Hi Rayyaan,

Your certificate seems to be in .der format. Please use the below tool to convert the cert and key pair to .PEM format and import again using terminal or tftp or ftp and try again. Once it shows PEM format there in "show crypto files", verify the cert and key pair and if successfull you are good to go.

https://www.sslshopper.com/ssl-converter.html

Regards,

Kanwal

Cisco ACE key.pem import error

rayyaan fayker — Mon, 06 Jan 2014 08:48:51 GMT

I have change both file to a PEM format but still getting the same errors when trying to import the key.

The cer imports perfectly but only the key that i am trying to load onto the ACE is given me a problem, laoding the key manaully i get the same issue.

Cisco ACE key.pem import error

Kanwaljeet Singh — Mon, 06 Jan 2014 16:27:14 GMT

HI Rayyaan,

This is a key which you cannot share so that i can try here on my and see what is going on so i would suggested contacting your CA vendor and ask them to provide the key and cert in PEM format. Once you have that try it again. That's all i guess we can do here or you can open a TAC case and see what is going on. If the key is in PEM format ACE shouldn't have any problem in accepting it.

From user guide:

Importing Certificate and Key Pair Files

The ACE supports the importation of PEM-encoded key pairs and certificates (including wildcard certificates) signed by keys. The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.

You can import a certificate or key pair file to the ACE from a remote server by using the crypto import command in Exec mode. You can import either individual certificates and keys or multiple certificates and keys. Because a network device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both the certificate file and its corresponding key pair file.

The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width

Regards,

Kanwal