
Cisco ACE key.pem import error

rayyaan fayker
Level 1

Hi

After extracting the Cert.pem and Key.pem from the PFX file, I am getting the following error when trying to import the Key.pem file to the ACE:

ENG-CTN-ACE01/Admin# crypto import tftp 10.3.31.249 key5.pem key5

Trying to connect to tftp server......

!!!!!!!

TFTP get operation was successful

3294 bytes copied

Successfully imported file from remote server.

Error: File not of supported key or certificate type - RSA,  import failed.

ENG-CTN-ACE01/Admin#

* I have decrypted the key.pem and tried adding the key manually with the crypto import terminal command, but I am still getting the same error.

Can you please assist with what I am doing wrong?

The cert has been uploaded successfully.

Filename                                 File  File    Expor      Key/

                                         Size  Type    table      Cert

-----------------------------------------------------------------------

cisco-sample-cert                        1082  PEM     Yes        CERT

cisco-sample-key                         887   PEM     Yes         KEY

wildcard-20140102.cer                    1459  DER     Yes        CERT

Thanks

rayyaan

3 Replies

Kanwaljeet Singh
Cisco Employee

Hi Rayyaan,

Your certificate seems to be in .der format. Please use the below tool to convert the cert and key pair to .PEM format and import again using terminal or tftp or ftp and try again. Once it shows PEM format there in "show crypto files", verify the cert and key pair and if successful you are good to go.

https://www.sslshopper.com/ssl-converter.html

Regards,

Kanwal

Hi

I have changed both files to PEM format but am still getting the same errors when trying to import the key.

The cer imports perfectly; only the key that I am trying to load onto the ACE is giving me a problem. Loading the key manually, I get the same issue.

Hi Rayyaan,

This is a key which you cannot share so that I can try here on my end and see what is going on, so I would suggest contacting your CA vendor and asking them to provide the key and cert in PEM format. Once you have that, try it again. That's all I guess we can do here, or you can open a TAC case and see what is going on. If the key is in PEM format, ACE shouldn't have any problem in accepting it.

From user guide:

Importing Certificate and Key Pair Files

The ACE supports the importation of PEM-encoded key pairs and certificates (including wildcard certificates) signed by keys. The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.

You can import a certificate or key pair file to the ACE from a remote server by using the crypto import command in Exec mode. You can import either individual certificates and keys or multiple certificates and keys. Because a network device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both the certificate file and its corresponding key pair file.

The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width.

Regards,

Kanwal
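A pre-import check for the constraints in the user guide excerpt above (PEM encoding, the 130-character terminal line width, the 2048-bit private key limit), plus whether the key is still encrypted. This is an added example, not part of the original thread or of Cisco's tooling; `check_key_pem`, `rsa_modulus_bits` and `sample_pem` are hypothetical names, and the sample keys are constructed placeholders with a made-up modulus.

```python
import base64, re

MAX_KEY_BITS, MAX_LINE = 2048, 130   # limits quoted from the user guide excerpt above
RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption

def _tlv(buf, pos):   # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of an RSA private key in PKCS#1 or PKCS#8 DER, else None."""
    _, pos, _ = _tlv(der, 0)                     # outer SEQUENCE
    _, _, pos = _tlv(der, pos)                   # version INTEGER
    tag, start, end = _tlv(der, pos)
    if tag == 0x30:                              # PKCS#8: AlgorithmIdentifier + OCTET STRING
        if RSA_OID not in der[start:end]:
            return None
        _, start, end = _tlv(der, end)
        return rsa_modulus_bits(der[start:end])
    return int.from_bytes(der[start:end], "big").bit_length() if tag == 0x02 else None

def check_key_pem(text):
    """Return a list of findings for a PEM private-key file (empty list = no findings)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        return ["no PEM block found (DER or PFX content?)"]
    label, body, findings = m.group(1), m.group(2), []
    if any(len(line) > MAX_LINE for line in text.splitlines()):
        findings.append(f"line longer than {MAX_LINE} characters")
    if "ENCRYPTED" in label or "Proc-Type:" in body:
        return findings + ["key is still encrypted"]
    rsa = label in ("RSA PRIVATE KEY", "PRIVATE KEY")
    bits = rsa_modulus_bits(base64.b64decode("".join(body.split()))) if rsa else None
    if bits is None:
        findings.append(f"not an RSA private key (PEM label: {label})")
    elif bits > MAX_KEY_BITS:
        findings.append(f"{bits}-bit key exceeds the {MAX_KEY_BITS}-bit limit")
    return findings

def sample_pem(bits, width=64):
    """Constructed sample: PKCS#1-shaped DER with a made-up modulus, not a usable key."""
    wrap = lambda tag, v: bytes([tag, 0x82]) + len(v).to_bytes(2, "big") + v
    der = wrap(0x30, b"\x02\x01\x00" + wrap(0x02, b"\x00" + b"\xc3" * (bits // 8)))
    b64 = base64.b64encode(der).decode()
    rows = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN RSA PRIVATE KEY-----\n{rows}\n-----END RSA PRIVATE KEY-----\n"
```

Pass the text of the extracted key file to `check_key_pem` on the workstation where it was converted; an empty list means none of these conditions were found.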
