
Please help. Cert and key import issues.

csbowser
Level 1

Hello. I need to import a cert/key from IIS 5.0, and import a cert currently used by tomcat, pkcs7 format.

PKCS12. I took the exported cert and ran it through openssl: openssl pkcs12 -in certfile -out certfile.pem.

I then took certfile.pem, and cut out the certificate portion, and the private key portion, saving them into separate files, copying both into the css. The cert association was fine, but the ssl associate rsakey fails, saying the file does not contain an RSA key. I tried the key portion with the encryption header, without the header, with a one line space between the --begin-- and text, and without. (I've seen examples of RSA keys in all those formats). No luck. Any ideas on what to do? I generated an rsa key on the css, and exported it for comparison. key length and formats are the same, but no go.

PKCS7. We have a timecard server that runs tomcat. The tomcat server required a pkcs7 cert to work. Will a pkcs7 work on the css? Will it work with a little manipulation? The cert imports fine and lets you associate a name with it, but where do I get a private key to associate with it? Can I spit that out from the pkcs7 file?

Thanks!

2 Replies

csbowser
Level 1

Update. Figured out the pkcs12 issue. Rather than splitting the cert portion out of the PEM file, you put the whole pem file in as the cert. Then, you run the openssl rsa -inform PEM -outform PEM -in wholePEMcert.file -out PEMrsakeys.file.

Once both of those were on the CSS, the verify returned successful.

No word yet on the pkcs7 issue.

Thanks,

I ran into a similar issue when exporting a certificate from IIS 5.0. The resolution was to turn off "enable strong encryption" which is unfortunately turned on by default.

On the import of the cert you should use a password phrase as well as the certificate password in quotes.

ex:

copy ssl ftp ssl_record import new_cert.pfx PKCS12 "newcertpass" "certphrasepass"

Hope this helps,

It worked for me.
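
The PKCS12 conversion from the update above, followed by a modulus check that the extracted key belongs to the certificate and a look at what a PKCS#7 bundle actually contains (certificates only, so there is no private key to extract from it). This is an added example, not part of the original posts; the throwaway self-signed certificate, the password and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway key/cert stands in for the IIS export and the Tomcat PKCS#7 file.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # whole.pem and rsakey.pem hold an unencrypted key
PASS='constructed-pass'      # sample password, constructed for this demo

make_sample_p12() {
    # Self-signed RSA cert + key, bundled as PKCS#12 the way an IIS export would be
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$WORK/orig.key" -out "$WORK/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$WORK/orig.key" -in "$WORK/orig.crt" \
        -out "$WORK/export.pfx" -passout "pass:$PASS"
}

split_p12() {
    # Step 1: whole PEM (cert + key), kept in one piece and used as the cert file
    openssl pkcs12 -in "$WORK/export.pfx" -nodes -passin "pass:$PASS" \
        -out "$WORK/whole.pem" 2>/dev/null
    # Step 2: let openssl pull the key out instead of cutting it by hand
    openssl rsa -inform PEM -outform PEM -in "$WORK/whole.pem" \
        -out "$WORK/rsakey.pem" 2>/dev/null
}

key_matches_cert() {
    # Identical RSA modulus on both sides means the key belongs to the cert
    c=$(openssl x509 -noout -modulus -in "$WORK/whole.pem")
    k=$(openssl rsa -noout -modulus -in "$WORK/rsakey.pem" 2>/dev/null)
    [ "$c" = "$k" ]
}

p7_private_key_blocks() {
    # Build a PKCS#7 bundle from the cert, unpack it, count private-key PEM blocks
    openssl crl2pkcs7 -nocrl -certfile "$WORK/orig.crt" -out "$WORK/bundle.p7b"
    openssl pkcs7 -in "$WORK/bundle.p7b" -print_certs -out "$WORK/p7.pem"
    grep -c 'PRIVATE KEY-----' "$WORK/p7.pem" || true
}

make_sample_p12
split_p12
key_matches_cert && echo "key matches certificate"
echo "private-key blocks in PKCS#7: $(p7_private_key_blocks)"
```
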
