CSM-S error ...

fdrodri · ‎09-05-2012

Hello.

First, I apologize for my English. Too bad!

I have a 6509 with a service plate CSM-S (WS-X6066-SLB-S-K9) with software version 2.2 (3).

I'm trying to create a ssl-proxy using a trustpoint with a certificate signed by a OpenCA.

I do the installation using a "cut-and-paste" pem format, and the certificates are installed correctly. But when I use the certificate in the ssl-proxy configuration observed the following error:

ssl-proxy(config-ssl-proxy)#certificate rsa general-purpose trustpoint MYTRUSTPOINT

% Failed to set cert BER, status = 0x72A

!!! Failed to install subject name DER

Error in trustpoint configuration

Any idea?

Thanks.

Cesar Roque · ‎09-05-2012

Hi Fernando,

Most of the times, the problem is the intermediate cert missing a required RFC value for
"Authority Key Identifier" field.  Without this field in the intermediate cert you won't
be able to use this cert on the CSM-S.  Turns out we've seen a few cases with this and
there's no way this will work.  The fix is to get the CA to re-issue you a cert that
has this fixed.

--------------------- Cesar R ANS Team

fdrodri · ‎09-07-2012

Cesar, thanks for response.

But, I not have a intermediate cert. The CSM-S's certificate is directly signed for the root CA.

Greetings.

Cesar Roque · ‎09-12-2012

Hi Fernando,

Would be possible for you to send me the certificate and rsakey to test it in my Lab?

my email address is ceroque@cisco.com

--------------------- Cesar R ANS Team