04-26-2011 01:39 PM
I am trying to generate a CSR on ACE.Actually import it from Linux box.
I have a linux server created an openssl key and then tried ti import it to the ace.
This is the error i am getting on my ace
admin#crypto import non-exportable ftp 10.192.49.8 root key.pem test123
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
#
Successfully imported file from remote server.
Error: Specified local file already exists.
s0labsw-ace1/Admin# crypto generate csr key.pem test123
Error: Specified CSR config does not exist.
This what i configured for csr param
ace1/Admin# sh crypto csr-params all
test123:
country-name: US
state: CA
locality: undefined
org-name: undefined
org-unit: undefined
common-name: xxx
serial-number: 1
email: james.steve@xxx.com
can anyone let me point in the right direction
Solved! Go to Solution.
04-27-2011 06:03 AM
> s0labsw-ace1/Admin# crypto generate csr key.pem test123
I guess your CSR paramters name is test123 and key filename is key.pem.
If so, above configuration order is wrong.
ACE20-slot6-yushimaz/c1# sh crypto files
Filename File File Expor Key/
Size Type table Cert
-----------------------------------------------------------------------
key.pem 887 PEM Yes KEY
ACE20-slot6-yushimaz/c1# sh crypto csr-params all
test123:
country-name: JP
state: Tokyo
locality: undefined
org-name: undefined
org-unit: undefined
common-name: yushimaz
serial-number: 1
email: yushimaz@local
ACE20-slot6-yushimaz/c1#
ACE20-slot6-yushimaz/c1#
ACE20-slot6-yushimaz/c1# crypto generate csr ?
ACE20-slot6-yushimaz/c1# crypto generate csr key.pem ?
ACE20-slot6-yushimaz/c1# crypto generate csr key.pem test123 <<==
Error: Specified CSR config does not exist.
ACE20-slot6-yushimaz/c1# crypto generate csr test123 key.pem <<==
-----BEGIN CERTIFICATE REQUEST-----
MIIBjjCB+AIBADBPMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNV
BAMTCHl1c2hpbWF6MR0wGwYJKoZIhvcNAQkBFg55dXNoaW1hekBsb2NhbDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8CcnWVe1amgXKE7ITPIDOSTys60ECf23
1wpE/r7Yj+ihW5Y54jrvxr31QTCDXCwJVi4PjjYg8+2dtJvq+9g0fW2uzAbj6aNO
iNP93KsEhooo1bvH6iUA/HQfJ6CxwLTMIWgOWxUuMeIdCXZwCguWmERIhq63RbTM
F0DRP8IwEnECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAOQ+zm6NVGTbxHY5GsW4
hPEJdChW8XLWv0bnEQo1bcreR8ACNQ3g7mETWj/hRv6gZTIbQKsQElQ+RAInUPvl
xM47+HgMNQkzPH9621wc1niR0S/mJUVQ/aIl6ZQwROvlAmIi6Gs+nyYUtfccjgpL
ScYjdqEO4aXDXikzZDG0Y0gW
-----END CERTIFICATE REQUEST-----
ACE20-slot6-yushimaz/c1#
Regards,
Yuji
04-27-2011 09:11 PM
I searched your error message and found the following page.
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1256
I guess your key is not 2048bit. So, please check your key.
Just to tell you, ACE can generate 2048 bit key as below.
ACE20-slot6-yushimaz/c1# crypto generate key ?
1024 Use bitsize of 1024
1536 Use bitsize of 1536
2048 Use bitsize of 2048
512 Use bitsize of 512
768 Use bitsize of 768
non-exportable Mark the generated key as non-exportable
ACE20-slot6-yushimaz/c1# crypto generate key
Regards,
Yuji
04-27-2011 06:03 AM
> s0labsw-ace1/Admin# crypto generate csr key.pem test123
I guess your CSR paramters name is test123 and key filename is key.pem.
If so, above configuration order is wrong.
ACE20-slot6-yushimaz/c1# sh crypto files
Filename File File Expor Key/
Size Type table Cert
-----------------------------------------------------------------------
key.pem 887 PEM Yes KEY
ACE20-slot6-yushimaz/c1# sh crypto csr-params all
test123:
country-name: JP
state: Tokyo
locality: undefined
org-name: undefined
org-unit: undefined
common-name: yushimaz
serial-number: 1
email: yushimaz@local
ACE20-slot6-yushimaz/c1#
ACE20-slot6-yushimaz/c1#
ACE20-slot6-yushimaz/c1# crypto generate csr ?
ACE20-slot6-yushimaz/c1# crypto generate csr key.pem ?
ACE20-slot6-yushimaz/c1# crypto generate csr key.pem test123 <<==
Error: Specified CSR config does not exist.
ACE20-slot6-yushimaz/c1# crypto generate csr test123 key.pem <<==
-----BEGIN CERTIFICATE REQUEST-----
MIIBjjCB+AIBADBPMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNV
BAMTCHl1c2hpbWF6MR0wGwYJKoZIhvcNAQkBFg55dXNoaW1hekBsb2NhbDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8CcnWVe1amgXKE7ITPIDOSTys60ECf23
1wpE/r7Yj+ihW5Y54jrvxr31QTCDXCwJVi4PjjYg8+2dtJvq+9g0fW2uzAbj6aNO
iNP93KsEhooo1bvH6iUA/HQfJ6CxwLTMIWgOWxUuMeIdCXZwCguWmERIhq63RbTM
F0DRP8IwEnECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAOQ+zm6NVGTbxHY5GsW4
hPEJdChW8XLWv0bnEQo1bcreR8ACNQ3g7mETWj/hRv6gZTIbQKsQElQ+RAInUPvl
xM47+HgMNQkzPH9621wc1niR0S/mJUVQ/aIl6ZQwROvlAmIi6Gs+nyYUtfccjgpL
ScYjdqEO4aXDXikzZDG0Y0gW
-----END CERTIFICATE REQUEST-----
ACE20-slot6-yushimaz/c1#
Regards,
Yuji
04-27-2011 08:37 AM
Thanks yushimaz
ace1/Admin# crypto generate csr test123 key.pem
-----BEGIN CERTIFICATE REQUEST-----
MIIBkzCB/QIBADBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCU0MxFTATBgNVBAMT
DGFob2xkdXNhLmNvbTEhMB8GCSqGSIb3DQEJARYSaGFyaS5nYWR1bGFAaHAuY29t
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXm69DPS5ueh6bWo1G3fRbbHfe
P7A0m4aRkPhpkWq/KJbeLB3RXatZBTqkBiAG3ay7XDGiPoV4/73WgzIXnEdlOcFo
CcXkshLcWk2DgFDYv7a1yP3o3TRtZ5oD/XJVLsbDOQZIcTYyqPuBrmZZeYqdFtNa
SLPZKUKfpMU3DbStyQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAXc463f3sVzCC
UW4N25Rbxf5mJwOhYBR5yjoPORGxB5AUWS2clmvsU5OaEMph3tSBcdkS+LddhTHe
4XQugogVUF5bRmR40RgciF/t4GwY0/e1eMnJ4sc7fKbcCb4vhMpRwKXp69DBOX7B
XpkSSNbILYcXwi+GslTc++ot4KowJY0=
-----END CERTIFICATE REQUEST-----
When I am trying to generate a certificate with this csr in a free website I am getting this error message
This CSR uses an unsupported key size!
Can I generate an CSR on my ACE and get a certificate ,to do the SSL encryption of Decryption .
Or Do i need to generate a Key on my Linux or Windows server and then import it to the ACE to get a SSL certificate.
04-27-2011 09:11 PM
I searched your error message and found the following page.
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1256
I guess your key is not 2048bit. So, please check your key.
Just to tell you, ACE can generate 2048 bit key as below.
ACE20-slot6-yushimaz/c1# crypto generate key ?
1024 Use bitsize of 1024
1536 Use bitsize of 1536
2048 Use bitsize of 2048
512 Use bitsize of 512
768 Use bitsize of 768
non-exportable Mark the generated key as non-exportable
ACE20-slot6-yushimaz/c1# crypto generate key
Regards,
Yuji
04-28-2011 08:45 AM
Thanks it worked .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide