CSS 11503 - SSl - Unable to clear/delete rsakey

ravi.saini · ‎02-11-2004

Hi,

We have recently configured an ssl redirect service on the CSS11503. This works great.

The css was then cleared of all configuration including all ssl cert/key associations inorder to test recovery.

The problem we are experiencing is that there is a rsakey file that is shown as existing but cannot be used or deleted.

Can anyone explain this?

Also when the generated digital certificates have been authenticated by Verisign. When trying to download to cisco a vendor code is required which we do not have?

Has anyone had similar problems?

Gilles Dufour · ‎02-11-2004

did you try the command 'ssl clearfiles' from the llama/debug mode ?

Is it the CSS requesting the vendor code ?

What is the exact sentence ?

Thanks,

Gilles.

ravi.saini · ‎02-12-2004

Gilles

This is the query raised by the customer:-

'On applying for a SSL Certificate from Verisign using a CSR produced on the CSS there is a requirement to provide the SSL server software vender. Neither Cisco nor WebNS appears on the options for the list and Verisign have advised that Cisco should be able to provide a suitable answer to this question'

We have been unable to find the SSL server software vendor

mvoight · ‎02-12-2004

Ravi,

There are multiple types supported by the CSS SSL Module and WebNS.

If you select apache, you will get a PEM certificate.

WIN2000 IIS 5 uses PKCS12, and NT IIS4 uses DER

PEM, DER, and PKCS12 is supported by the CSS.

This info can be found at

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157875.html#1063169

I generally tell people to select apache, but the others should work. I agree, Cisco should be listed at the Apache website.