01-03-2014 02:13 AM
Hi
After extracting the Cert.pem and Key.pem from the PFX file, I am getting the following error when trying to import the Key.pem file to the ACE:
ENG-CTN-ACE01/Admin# crypto import tftp 10.3.31.249 key5.pem key5
Trying to connect to tftp server......
!!!!!!!
TFTP get operation was successful
3294 bytes copied
Successfully imported file from remote server.
Error: File not of supported key or certificate type - RSA, import failed.
ENG-CTN-ACE01/Admin#
* I have decrypted the key.pem and tried adding the key manually with the crypto import terminal command, but I am still getting the same error.
Can you please assist with what I am doing wrong?
The cert has been uploaded successfully.
Filename                 File  File  Expor  Key/
                         Size  Type  table  Cert
-----------------------------------------------------------------------
cisco-sample-cert        1082  PEM   Yes    CERT
cisco-sample-key         887   PEM   Yes    KEY
wildcard-20140102.cer    1459  DER   Yes    CERT
Thanks
rayyaan
01-03-2014 05:52 AM
Hi Rayyaan,
Your certificate seems to be in .der format. Please use the tool below to convert the cert and key pair to .PEM format, then import again using terminal, tftp or ftp. Once it shows PEM format in "show crypto files", verify the cert and key pair, and if successful you are good to go.
https://www.sslshopper.com/ssl-converter.html
Regards,
Kanwal
01-06-2014 12:48 AM
Hi
I have changed both files to PEM format but am still getting the same errors when trying to import the key.
The cert imports perfectly; only the key that I am trying to load onto the ACE is giving me a problem. Loading the key manually, I get the same issue.
01-06-2014 08:27 AM
Hi Rayyaan,
This is a key which you cannot share so that I can try it here on my end and see what is going on, so I would suggest contacting your CA vendor and asking them to provide the key and cert in PEM format. Once you have that, try it again. That's all I guess we can do here, or you can open a TAC case and see what is going on. If the key is in PEM format, the ACE shouldn't have any problem accepting it.
From user guide:
The ACE supports the importation of PEM-encoded key pairs and certificates (including wildcard certificates) signed by keys. The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.
You can import a certificate or key pair file to the ACE from a remote server by using the crypto import command in Exec mode. You can import either individual certificates and keys or multiple certificates and keys. Because a network device uses its certificate and corresponding public key together to prove its identity during the SSL handshake, be sure to import both the certificate file and its corresponding key pair file.
The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130 characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key by using SFTP, FTP, or TFTP with no regard to line width.
Regards,
Kanwal
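Added example (not part of the thread and not Cisco code): a pre-check of a key file against the limits in the user guide excerpt quoted above (PEM encoding, 130-character lines for terminal import, 2048-bit private key), run locally so the private key stays on the admin workstation. The function names and the sample generator are assumptions made for illustration, and the key size is only read from unencrypted PKCS#1 "RSA PRIVATE KEY" blocks.

```python
import base64, re

MAX_WIDTH = 130        # terminal-import line limit, from the guide excerpt above
MAX_PRIV_BITS = 2048   # maximum private key size, from the same excerpt
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER header; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    _, end = _tlv(der, _tlv(der, 0)[0])      # enter SEQUENCE, skip version INTEGER
    start, end = _tlv(der, end)              # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def check_pem(text):
    """Return (label, findings) for the first PEM block in text."""
    text = text.replace("\r\n", "\n")
    m = ARMOR.search(text)
    if not m:
        return None, ["no PEM armor found (DER or another binary format?)"]
    label, body, findings = m.group(1), m.group(2), []
    if text[:m.start()].strip() or text[m.end():].strip():
        findings.append("text outside the PEM armor (e.g. PKCS#12 'Bag Attributes')")
    if any(len(line) > MAX_WIDTH for line in text.split("\n")):
        findings.append(f"line longer than {MAX_WIDTH} characters")
    if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
        findings.append("key is still passphrase-encrypted")
    elif label == "RSA PRIVATE KEY":
        bits = rsa_modulus_bits(base64.b64decode("".join(body.split())))
        if bits > MAX_PRIV_BITS:
            findings.append(f"{bits}-bit private key exceeds {MAX_PRIV_BITS} bits")
    return label, findings

def constructed_sample(bits):
    """Constructed input, NOT a real key: PKCS#1 armor around version + dummy modulus."""
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    body = b"\x02\x01\x00\x02\x82" + len(n).to_bytes(2, "big") + n
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der).decode()
            + "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print([check_pem(constructed_sample(b)) for b in (2048, 4096)])
```

An empty findings list means only that none of these checks fired; the returned label shows which PEM container the file actually holds.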