12-25-2018 12:00 AM
Hi everybody.
I have Cisco ISR4331 with Cisco AnyConnect running.
Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)
I've been using the PKI, generated on my DC for authenticating the VPN trustpoint but now I decided to change it with a purchased wildcard certificate from an official CA.
When I tried to do:
#crypto key import rsa wildcard general-purpose terminal
I was asked to put the certificate first and the private key then. At the end it said "Key import failed".
I've lurked on the web about it and have found the Bug, but I'm not sure it corresponds to my case:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCta14114/?rfs=iqvred
upd: oops...yesterday it was still in a bug status...
So I`m not sure about workarounds here:
1. Is there officially no way to import PKI from wildcard on ISR?
2. Should I instead generate the key and CSR on the router and then generate and import certificate from CA?
Thanks in advance for any help!
12-27-2018 12:22 AM
Have found out the way around on my own.
If anybody has the same problem: you have to make a PKCS12 bundle from your private key and certificate and then import it on your ISR.
Solved here.
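One way to build the PKCS12 bundle described in the reply above, as an added example that is not part of the original thread: it refuses to bundle a private key that does not belong to the certificate, takes the export password from the environment rather than the command line, and reads the bundle back to confirm it parses. The file names, the `wildcard` friendly name and the `P12_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names, the "wildcard" friendly
# name and the P12_PASS variable are assumptions.

# key_matches_cert KEY CERT: succeeds only if KEY is the private key for CERT.
key_matches_cert() {
    # Compare the public key derived from the private key with the one in the cert.
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_p12 KEY CERT CHAIN OUT: build the bundle; CHAIN may be "" when there
# are no intermediate certificates to include.
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    (
        umask 077   # the bundle contains the private key: owner-only permissions
        if [ -n "$3" ]; then
            openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
                -name wildcard -passout env:P12_PASS -out "$4"
        else
            openssl pkcs12 -export -inkey "$1" -in "$2" \
                -name wildcard -passout env:P12_PASS -out "$4"
        fi
    ) || { rm -f "$4"; return 1; }
    # Read the bundle back with the same password to confirm it parses.
    openssl pkcs12 -in "$4" -passin env:P12_PASS -noout 2>/dev/null
}

# Usage (constructed file names):
#   export P12_PASS='...'
#   make_p12 wildcard.key wildcard.crt ca-chain.crt wildcard.p12
```

On the router the bundle is then loaded with the IOS `crypto pki import <trustpoint> pkcs12 <source> password <password>` command; the thread does not show the exact command that was used.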