Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
551
Views
0
Helpful
3
Replies

CSS11501 Certificates & rsakey files

john.pepper
Level 1
Level 1

‎09-21-2004 02:36 PM

Can somebody please clear this up for me as I don't really understand the documentation.

I am trying to Import a VeriSign certificate to my CSS.

I Export the certificate from the Windows IIS server and it generates a .pfx file. I assume this includes the certificate & privtae rsakey.?

However, the CSS documentation shows the 'import' & 'associate' cet / rsakey as separate files but the IIS server just generates the one .pfx file..?

Do I associate bo the cert & rsakey with the same cert file - e.g.

ssl associate rsakey key1 cert1

ssl associate cert cert1 cert1.pfx

Is the above correct or is there something I'm missing.?

Thanks...John

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎09-22-2004 04:18 AM

John,

you need to use openssl to split the pfx file into a key pem file and a certificate pem file.

You have to use pem format as the CSS does not support pfx.

Search google for hints on how to do the above.

Regards,

Gilles.

0 Helpful

john.pepper
Level 1
Level 1
In response to Gilles Dufour

‎09-23-2004 06:25 AM

Giles,

As ever - many thanks... This worked and got it sorted..Thanks

Just on another note - I'm also having a problem with the 'urlrewrite' finction within the SSL-Proxy-List,

The documentation says just add the 'urlrewrite www.mydomain.com' and any normal HTTP sessions that try and access the SSL module will be re-written but with HTTPS - this is what I want.

Unfortunately, this doesn't seem to work - when I try and access teh CSS from a browser just using //http://mydomain.com/... the page just times-out. It seems the SSL module just isn't picking it up.

I'm using standard Port 443 for the HTTPS sessions and this works fine. Is there something else that needs to be configured to get the urlrewrite function working..?

Thanks for all your help so far.

Cheers...John

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to john.pepper

‎09-25-2004 11:42 PM

John,

the urlrewrite only works with 30x redirect sent from the server to the client.

Use a sniffer to verify what is the cleartext message from the server.

When urlrewrite does not work, you normally see the browser attempting to connect using HTTP instead of HTTPS.

You indicates using http://....

Urlrewrite will have no impact on client request.

If you need http:// from the client [not the server] to be translated into https:// you need to created a redirect page on the CSS to intercept the http traffic and redirect the client to port 443.

There are a few documents about this on our website.

Regards,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card