Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
0
Helpful
3
Replies

CSS + SSL - unable to create RSA association

btfreitag
Level 4
Level 4

‎08-08-2006 09:42 AM

Hello,

I am having troubles creating an RSA association on our CSS11506.

Here are the steps I've tried:

1.) I take the original "Digital ID Class 3 - VeriSign Server OnSite" certificate provided to us and move to the CSS via FTP. I have used the openssl verify process to make sure it was a good cert.

****

CSS-EC1# copy ssl ftp FTPSRV import websrv-gr.pem PEM "thepassword"

Connecting (/)

Completed successfully.

(also at this step - I have tried this with and without a passphrase with the same results)

****

OpenSSL verify:

C:\OpenSSL\bin>openssl verify -verbose -CAfile .\PEM\verisign.pem websrv-gr.pem

websrv-gr.pem: OK

****

2.) I then create a certificate association:

CSS-EC1(config)# ssl associate cert WWW websrv-gr.pem

3.) I then attempt to create and RSA association:

CSS-EC1(config)# ssl associate rsakey WWW-RSA websrv-gr.pem

%% File does not contain an RSA key

What can I do to get rid of this error? Does the certificate we recieved from Verisign need to be chained with the Verisign Intermediate certificate?

Any ideas?

Thanks in advance...

Regards,

Ben

Labels:
0 Helpful
3 Replies 3

diro
Level 1
Level 1

‎08-09-2006 05:30 AM

Step 1 looks ok

Step 2 looks ok

But step 3 is strange: the command in step 3 is to associate a private key to a name. But you are not using your private key file but certificate file to associate it to a keyname.

more info here

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00802929e9.html#wp999161

0 Helpful

fhunter
Level 1
Level 1
In response to diro

‎11-16-2006 04:45 PM

Hi

we have a customer with a similar problem,

CSS11501(config)# ssl associate rsakey vimageprivkey privkeyvimages.pem

Error: %% File does not contain an RSA key

The openssl utility has been used to extract the rsakey from the PKCS12 file.

They have used this method numerous times before without this error.

RSA key below:-

Bag Attributes

localKeyID: 31 31 36 33 30 38 34 35 35 32 32 33 30

friendlyName: vimages 2006 certificate

Key Attributes:

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,4B31C6E8188C1E2C

L2zTgx4mEUBG0465IxpNOfeyoMX8vTXF6TTrClc5BCDqEYa+K8/9yu6ZwQ+GKdV2

WN0NES4mNMyqB+j2K9ysQi59Zw661MSf/ToTLPgbFlI7xK434ZpMiy6K0VIK8cSW

Nz8yTSbjarpsrigUYzoJ83p10a6vVXA/dEDGrMn84EQeYWjQdStcHU8DKmgaOMLY

c3s68BHex2oNOdG4P4Uo4lTG1zmQOyP0aY7KHv0KNVrR/RNSW4j01nAdPZ09YiiZ

Uu83Kvh/kwkGBhGYAr0vnlqPlsdUarfXams39F/Imp3NQdofXsrVencUjST4zjPK

1xpptY2RYa4lCEZBF5+Y00QhxaQR8IuLkh0x2niR/Nz+KBHxOJ8hacB/bcIpZKv0

ikFDiXoGLgRNCRM1qhECyfUk4Gt95J4qKSAsyUNOTjhaz73q+sUPu6eLffwUQ1U2

g6fNcqAu6z5xJkpPjVtGVt+opERqGrnlCW2R6I1QYio+U21p4Cx+7qfxrGGpZtt+

p0kYhEH9ZMODh8QhDEDv7qqLASQ5aQMcJSLIXCrV13R+yN/qr8qOUDKA88a9avIg

cArcSEWSQ91ZxYYIijnqMHNBWs1REM6U/FRuW28yM4JtZTyxB8baZUVczAfOnOja

yAuJ0UVyshNOZxk5W1OJTjrkqY7+JM0CdnJuYUSqvsQb9L3hiAJ/wHzUQw5pN1J3

Igoo6eLoBj2QC2Fgz1TwJEohelF3F+BVlEvjWjPHi5D0r2e1+HDNNjpWWZctebp7

Aw7kguV1bymfiG3stoHkP/VU2MyCznS6vXI/PWh4KgI=

-----END RSA PRIVATE KEY-----

Any Ideas ??

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to fhunter

‎11-17-2006 12:19 AM

the key is encrypted.

If you use the wrong password when you import it , you get the error message that you see.

Try to decrypt the key with openssl to make sure you have the right password.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents