topic Certificate/Private Key validation failed. How can I progress? in Network Access Control

Certificate/Private Key validation failed. How can I progress?

petertotok — Tue, 04 Jul 2017 14:15:44 GMT

Hi,

I got .p7b file from the CA which then I converted to PEM. Added the chain to the Trusted Certificates and then tried to bind it to the CSR I created initially. Comes back with the error: "Certificate/Private Key validation failed." What could be the problem? Haven't find anything in any troubleshooting documentation what could be the problem.

This is ISE 2.2.0.470.

Thank in advance.

Cheers,

Peter

Re: Certificate/Private Key validation failed. How can I progress?

vibobrov — Wed, 05 Jul 2017 15:14:20 GMT

Open the p7b file in Windows. It will look like a zip file. That file will contain the actual server cert as well as the roots. Export just the server cert and try to bind that in ISE

Re: Certificate/Private Key validation failed. How can I progress?

hslai — Thu, 06 Jul 2017 20:52:44 GMT

Yeah. Viktor's response would be a better fit for your case.

Assuming you converted the whole .p7b file to one single PEM, then it consists of a few certificates. You may open it in a text editor and copy the lines between and including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" into individual files, as they represent certificates from the root CA, intermediate CA, issuing CA, and then your server certificate. Some PEM file also include the subject info there so easier to identify which portion is which certificate. Else, you may either use OpenSSL or some other tool on your desktop OS.

When importing certificates to ISE, you should import them one certificate at a time but not using any .p7b or a PEM file that combines multiple certificates.

If you still have problem on this, perhaps consider to engage our Cisco TAC, unless you are able to share the certificate file(s) here so we may help better.

Re: Certificate/Private Key validation failed. How can I progress?

flevie — Fri, 27 Oct 2017 17:43:31 GMT

Hello,

In our case, we have to use the correct pair of .crt and .key files (public and private key).

It didn't worded with the pfx file, we had the error "private key validation failed, incorrect password"

The support team of our SSL certificate reseller kindly help me extract my .pfx file using openssl (there is also a windows installer).

"You can extract the necessary files using this commands on any linux installation:

Get the key file:

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

Convert the key file to pem formate

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

Get the certificate out of the pfx

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]"

After that I didn't get the private key validation failed error and the certificate was imported...

Re: Certificate/Private Key validation failed. How can I progress?

Ruelb2214 — Fri, 16 Jun 2023 06:37:11 GMT

hello, were you able to resolve your issue? I have the same issue now, can you share how did you resolve?

Re: Certificate/Private Key validation failed. How can I progress?

Ambuj M — Fri, 16 Jun 2023 06:52:42 GMT

did you generate the Certificate Signing request on ISE ? when you sent the CSR to your public CA in what format did they send the file back to you ?