procedure to update the CA in the APIC-EM GUI.

vivek.suriyanarayanan1 · ‎02-24-2016

Hi All,

I am getting "certificate error not trusted", in the APIC alerts window, can this possibly cause my HTTPS request from PI to fail.

And what is the procedure to update the CA on the APIC using the GUI, any suggestions is appreciated.

regards,

vivek

Geevarghese Cheria · ‎02-25-2016

Hi Vivek,

Did you had chance to check this documentation about importing the certificate.

Cisco Application Policy Infrastructure Controller Enterprise Module Deployment Guide, Release 1.x - Configuring the Ci…

Thanks and Regards,

Geevarghese

vivek.suriyanarayanan1 · ‎02-25-2016

Hi Geevarghese,

Thanks for your response, I am aware of the method.

But could you point me where to get the PEM and key files to upload in there, I have already gone to the link http://www.cisco.com/security/pki/

But I am unable to get the PEM file, is it something which needs to be converted from ".p7b" or can be obtained directly from any location.

Regards,

Vivek

Geevarghese Cheria · ‎02-25-2016

Hi Vivek,

What you need to do is to create the .csr and .key

Please refer-

can you tryout the steps for getting the .csr file in APIC-EM.

Prime Infrastructure 1.3 Certificate Installation failure | Security and Network Management | Cisco Support Community | …

Thanks and Regards,

Geevarghese

gimec.chn · ‎02-28-2016

Hi Geevarghese,

Just wanted to check if we can generate the .csr and .key file from the existing APIC-EM or from any other source like Prime Infra.

But i am not able to find a method how to validate the APIC to look into the imported/created .csr and .key files no method is mentioned in any links or docs.and i have already created a .csr and .key file in the APIC but still i am getting an error.

i assume the created files needs to be put in a specific directory any suggestions.

regards,

Vivek

vivek.suriyanarayanan1 · ‎02-29-2016

Hi,

I have generated the Self signed certificate in the APIC-EM Grapevine Cli and uploaded it VIA GUI "Replace Certificate" option.

But still when i try to provision the CPE(CSR's), i get the following error:

*Feb 29 14:49:42.065: CRYPTO_PKI: status = 0x747(E_EOS : end of i/o stream): Imported PKCS12 file failure

*Feb 29 14:49:42.065: %PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.

*Feb 29 14:49:42.475: CRYPTO_PKI: Creating trustpoint sdn-network-infra-iwan

Regards,

Vivek

Erol Karaseki · ‎08-11-2016

We have the same problem. Is there any workaround ? Is this case solved ?

vess1 · ‎03-24-2017

Hi,

We are also facing the same issue in APIC-EM Version 1.4.0.1959 with IWAN 1.4.1.504.

Is it resolved or it is an known open issue?.If any workaround is available, please let me know.

EPIC -->Audit Log-->Underlay and Overlay configuration in site HUB failed. PKI configuration failed for device xx.xx.xx. Failed to download PKCS12

grapevine log:

(config)#file prompt quiet

(config)#ntp server xx.xx.xx.xx

(config)#crypto pki import sdn-network-infra-iwan pkcs12 http://xx.xx.xx.xx/api/v1/trust-point/pkcs12/729de0bc-1cdc-4e0f-9bf2-5f3afcb4f2cd/kot5phen9b2up4obmv6leuj3hf password 9cnmndubo2khs23bp2aomipg4t

% Importing pkcs12...% Error: failed to open file.

Regards,

SS Vela

j.house · ‎08-21-2017

Did you ever find a resolution for this issue?