08-08-2006 09:42 AM
Hello,
I am having troubles creating an RSA association on our CSS11506.
Here are the steps I've tried:
1.) I take the original "Digital ID Class 3 - VeriSign Server OnSite" certificate provided to us and move to the CSS via FTP. I have used the openssl verify process to make sure it was a good cert.
****
CSS-EC1# copy ssl ftp FTPSRV import websrv-gr.pem PEM "thepassword"
Connecting (/)
Completed successfully.
(also at this step - I have tried this with and without a passphrase with the same results)
****
OpenSSL verify:
C:\OpenSSL\bin>openssl verify -verbose -CAfile .\PEM\verisign.pem websrv-gr.pem
websrv-gr.pem: OK
****
2.) I then create a certificate association:
CSS-EC1(config)# ssl associate cert WWW websrv-gr.pem
3.) I then attempt to create and RSA association:
CSS-EC1(config)# ssl associate rsakey WWW-RSA websrv-gr.pem
%% File does not contain an RSA key
What can I do to get rid of this error? Does the certificate we recieved from Verisign need to be chained with the Verisign Intermediate certificate?
Any ideas?
Thanks in advance...
Regards,
Ben
08-09-2006 05:30 AM
Step 1 looks ok
Step 2 looks ok
But step 3 is strange: the command in step 3 is to associate a private key to a name. But you are not using your private key file but certificate file to associate it to a keyname.
more info here
11-16-2006 04:45 PM
Hi
we have a customer with a similar problem,
CSS11501(config)# ssl associate rsakey vimageprivkey privkeyvimages.pem
Error: %% File does not contain an RSA key
The openssl utility has been used to extract the rsakey from the PKCS12 file.
They have used this method numerous times before without this error.
RSA key below:-
Bag Attributes
localKeyID: 31 31 36 33 30 38 34 35 35 32 32 33 30
friendlyName: vimages 2006 certificate
Key Attributes:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4B31C6E8188C1E2C
L2zTgx4mEUBG0465IxpNOfeyoMX8vTXF6TTrClc5BCDqEYa+K8/9yu6ZwQ+GKdV2
WN0NES4mNMyqB+j2K9ysQi59Zw661MSf/ToTLPgbFlI7xK434ZpMiy6K0VIK8cSW
Nz8yTSbjarpsrigUYzoJ83p10a6vVXA/dEDGrMn84EQeYWjQdStcHU8DKmgaOMLY
c3s68BHex2oNOdG4P4Uo4lTG1zmQOyP0aY7KHv0KNVrR/RNSW4j01nAdPZ09YiiZ
Uu83Kvh/kwkGBhGYAr0vnlqPlsdUarfXams39F/Imp3NQdofXsrVencUjST4zjPK
1xpptY2RYa4lCEZBF5+Y00QhxaQR8IuLkh0x2niR/Nz+KBHxOJ8hacB/bcIpZKv0
ikFDiXoGLgRNCRM1qhECyfUk4Gt95J4qKSAsyUNOTjhaz73q+sUPu6eLffwUQ1U2
g6fNcqAu6z5xJkpPjVtGVt+opERqGrnlCW2R6I1QYio+U21p4Cx+7qfxrGGpZtt+
p0kYhEH9ZMODh8QhDEDv7qqLASQ5aQMcJSLIXCrV13R+yN/qr8qOUDKA88a9avIg
cArcSEWSQ91ZxYYIijnqMHNBWs1REM6U/FRuW28yM4JtZTyxB8baZUVczAfOnOja
yAuJ0UVyshNOZxk5W1OJTjrkqY7+JM0CdnJuYUSqvsQb9L3hiAJ/wHzUQw5pN1J3
Igoo6eLoBj2QC2Fgz1TwJEohelF3F+BVlEvjWjPHi5D0r2e1+HDNNjpWWZctebp7
Aw7kguV1bymfiG3stoHkP/VU2MyCznS6vXI/PWh4KgI=
-----END RSA PRIVATE KEY-----
Any Ideas ??
11-17-2006 12:19 AM
the key is encrypted.
If you use the wrong password when you import it , you get the error message that you see.
Try to decrypt the key with openssl to make sure you have the right password.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide