https://community.cisco.com/t5/network-security/install-self-signed-cert-in-defense-center/m-p/2917055#M1031492 <P abp="2777">Hi all,</P> <P abp="2778"></P> <P abp="2780">I am setting up my new Defense Center 6.0.1 (VM), which will manage a single 5508X.&nbsp; I am building my policies and am trying to get my realm working.&nbsp; I will run LDAP queries against two Windows 2012 R2 DC's.&nbsp; These DC's use self-signed certs, named dc1.domain.com and dc2.domain.com.&nbsp; I have copies of these certs in PFX format, and would like to upload them into the Defense Center so that I can secure my LDAP queries using LDAPS.&nbsp; As they are self-signed, they would need to be Trusted Cert Authorities.</P> <P abp="2781"></P> <P abp="2783">I am familiar with the upload process, however whenever I try to upload the PFX certs, I receive error <EM abp="2784">'Error uploading file. Please verify that this is a certificate and it uses a supported PKCS encoding</EM>.' &nbsp;I have used OpenSSL to convert the PFX certs to PEM format, which Defense Center can then read; however when I try to use this imported cert to secure LDAP, the Test connection fails.&nbsp; Using the ldp.exe utility on Windows, I am able to successfully connect to the domain controllers on port 636 using LDAPS.</P> <P abp="2785"></P> <P abp="2787">My question is: What type of cert does Defense Center "like" best?&nbsp; Should I be using CRT or CER format certs instead of PEM?</P> <P abp="2788"></P> <P abp="2790">My OpenSSL command was: <STRONG abp="2791">openssl pkcs12 -in cert.pfx -out cert.pem -nodes</STRONG></P> Tue, 12 Mar 2019 12:56:48 GMT cooperben 2019-03-12T12:56:48Z https://community.cisco.com/t5/network-security/install-self-signed-cert-in-defense-center/m-p/2917055#M1031492 <P abp="2777">Hi all,</P> <P abp="2778"></P> <P abp="2780">I am setting up my new Defense Center 6.0.1 (VM), which will manage a single 5508X.&nbsp; I am building my policies and am trying to get my realm working.&nbsp; I will run LDAP queries against two Windows 2012 R2 DC's.&nbsp; These DC's use self-signed certs, named dc1.domain.com and dc2.domain.com.&nbsp; I have copies of these certs in PFX format, and would like to upload them into the Defense Center so that I can secure my LDAP queries using LDAPS.&nbsp; As they are self-signed, they would need to be Trusted Cert Authorities.</P> <P abp="2781"></P> <P abp="2783">I am familiar with the upload process, however whenever I try to upload the PFX certs, I receive error <EM abp="2784">'Error uploading file. Please verify that this is a certificate and it uses a supported PKCS encoding</EM>.' &nbsp;I have used OpenSSL to convert the PFX certs to PEM format, which Defense Center can then read; however when I try to use this imported cert to secure LDAP, the Test connection fails.&nbsp; Using the ldp.exe utility on Windows, I am able to successfully connect to the domain controllers on port 636 using LDAPS.</P> <P abp="2785"></P> <P abp="2787">My question is: What type of cert does Defense Center "like" best?&nbsp; Should I be using CRT or CER format certs instead of PEM?</P> <P abp="2788"></P> <P abp="2790">My OpenSSL command was: <STRONG abp="2791">openssl pkcs12 -in cert.pfx -out cert.pem -nodes</STRONG></P> Tue, 12 Mar 2019 12:56:48 GMT https://community.cisco.com/t5/network-security/install-self-signed-cert-in-defense-center/m-p/2917055#M1031492 cooperben 2019-03-12T12:56:48Z