12-25-2018 12:00 AM
Hi everybody.
I have Cisco ISR4331 with Cisco AnyConnect running.
Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)
I`ve been using the PKI, generated on my DC for authenticating the VPN trustpoint but now I decided to change it with a purchased wildcard certificate from an official CA.
When I tried to do:
#crypto key import rsa wildcard general-purpose terminal
I was asked to put the certificate first and the private key then. At the end it said "Key import failed".
I`ve lurked on the web about it and have found the Bug, but I`m not sure it corresponds to my case:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCta14114/?rfs=iqvred
upd: oops...yesterday it was still in a bug status...
So I`m not sure about workarounds here:
1. Is there officially no way to import PKI from wildcard on ISR?
2. Should I instead generate the key and CSR on the router and then generate and import certificate from CA?
Thanks in advance for any help!
Solved! Go to Solution.
12-27-2018 12:22 AM
Have found out the way around on my own.
If anybody has the same problem: you have to make a PKCS12 bundle from your private key and certificate and then import it on your ISR.
Solved here.
12-27-2018 12:22 AM
Have found out the way around on my own.
If anybody has the same problem: you have to make a PKCS12 bundle from your private key and certificate and then import it on your ISR.
Solved here.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: