https://community.cisco.com/t5/network-access-control/trouble-adding-wildcard-cert/m-p/2953849#M38573 <P>Certificates and private keys should both be in PEM format. Those are the ones that begin and end with lines like:</P> <PRE class="prettyprint">-----BEGIN CERTIFICATE-----<BR />-----END CERTIFICATE-----</PRE> <P>and</P> <PRE class="prettyprint">-----BEGIN PRIVATE KEY-----<BR />-----END PRIVATE KEY-----</PRE> <P>...with a whole lot of ASCII text in between them. You can verify by opening them in a text editor. The extension doesn't really matter as long as the file contents are plain ASCII text delimited properly.</P> <P>With those in hand, you can validate that a given key is the right one for a given certificate using openssl (or if you trust it, a webified interface that does the same thing: <A href="https://www.sslshopper.com/certificate-key-matcher.html" target="_blank">https://www.sslshopper.com/certificate-key-matcher.html</A> )</P> Thu, 25 Aug 2016 18:56:42 GMT Marvin Rhoads 2016-08-25T18:56:42Z https://community.cisco.com/t5/network-access-control/trouble-adding-wildcard-cert/m-p/2953848#M38572 <P></P> <P>ise 2.1</P> <P>i'm trying to add a wildcard cert. was told i would need to get an exported cert and key from the non-ise server that was used to get the wildcard cert.&nbsp;</P> <P>i received 3 files: the ca cert (ca.crt), the wildcard cert (abc.crt), and the key (def.rtf)</P> <P>i added the ca.crt to ise ok in the trusted certificate section.&nbsp;</P> <P>i then tried to import the system cert (abc.crt) along w/ the private key, but i'm getting errors "private key validation failed"</P> <P></P> <P>1 - am i going about this the right way?</P> <P>2 - is the .rtf file for the key the issue and if so - how can i convert it</P> <P>3 - does it matter that the key is actually from a different server?</P> <P></P> <P></P> <P></P> Mon, 11 Mar 2019 07:01:47 GMT https://community.cisco.com/t5/network-access-control/trouble-adding-wildcard-cert/m-p/2953848#M38572 moody 2019-03-11T07:01:47Z https://community.cisco.com/t5/network-access-control/trouble-adding-wildcard-cert/m-p/2953849#M38573 <P>Certificates and private keys should both be in PEM format. Those are the ones that begin and end with lines like:</P> <PRE class="prettyprint">-----BEGIN CERTIFICATE-----<BR />-----END CERTIFICATE-----</PRE> <P>and</P> <PRE class="prettyprint">-----BEGIN PRIVATE KEY-----<BR />-----END PRIVATE KEY-----</PRE> <P>...with a whole lot of ASCII text in between them. You can verify by opening them in a text editor. The extension doesn't really matter as long as the file contents are plain ASCII text delimited properly.</P> <P>With those in hand, you can validate that a given key is the right one for a given certificate using openssl (or if you trust it, a webified interface that does the same thing: <A href="https://www.sslshopper.com/certificate-key-matcher.html" target="_blank">https://www.sslshopper.com/certificate-key-matcher.html</A> )</P> Thu, 25 Aug 2016 18:56:42 GMT https://community.cisco.com/t5/network-access-control/trouble-adding-wildcard-cert/m-p/2953849#M38573 Marvin Rhoads 2016-08-25T18:56:42Z