cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
575
Views
0
Helpful
3
Replies

CSM-S error ...

fdrodri
Level 1
Level 1

Hello.

First, I apologize for my English. Too bad!

I have a 6509 with a service plate CSM-S (WS-X6066-SLB-S-K9) with software version 2.2 (3).

I'm trying to create a ssl-proxy using a trustpoint with a certificate signed by a OpenCA.

I  do the installation using a "cut-and-paste" pem format, and the  certificates are installed correctly. But when I use the certificate in  the ssl-proxy configuration observed the following error:

ssl-proxy(config-ssl-proxy)#certificate rsa general-purpose trustpoint MYTRUSTPOINT

% Failed to set cert BER, status = 0x72A

!!! Failed to install subject name DER

Error in trustpoint configuration

Any idea?

Thanks.

3 Replies 3

Cesar Roque
Level 4
Level 4

Hi Fernando,

Most of the times, the problem is the intermediate cert missing a required RFC value for
"Authority Key Identifier" field.  Without this field in the intermediate cert you won't
be able to use this cert on the CSM-S.  Turns out we've seen a few cases with this and
there's no way this will work.  The fix is to get the CA to re-issue you a cert that
has this fixed.
--------------------- Cesar R ANS Team

Cesar, thanks for response.

But, I not have a intermediate cert. The CSM-S's certificate is directly signed for the root CA.

Greetings.

Hi Fernando,

Would be possible for you to send me the certificate and rsakey to test it in my Lab?

my email address is ceroque@cisco.com

--------------------- Cesar R ANS Team