ISR4331 wildcard private key import

Hi everybody.

I have Cisco ISR4331 with Cisco AnyConnect running.

Cisco IOS XE Software, Version 16.07.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.7.1, RELEASE SOFTWARE (fc6)

 

I've been using the PKI generated on my DC for authenticating the VPN trustpoint, but now I decided to change it with a purchased wildcard certificate from an official CA.

When I tried to do:

#crypto key import rsa wildcard general-purpose terminal

I was asked to put the certificate first and the private key then. At the end it said "Key import failed".

I've lurked on the web about it and have found the Bug, but I'm not sure it corresponds to my case:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCta14114/?rfs=iqvred

upd: oops...yesterday it was still in a bug status...

So I'm not sure about workarounds here:

1. Is there officially no way to import PKI from wildcard on ISR?

2. Should I instead generate the key and CSR on the router and then generate and import certificate from CA? 

Thanks in advance for any help! 

Accepted Solutions

Have found out the way around on my own.

If anybody has the same problem: you have to make a PKCS12 bundle from your private key and certificate and then import it on your ISR.

Solved here.
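
The bundling step described in the answer above, as an added example that is not part of the original post: it checks that the private key really belongs to the certificate before building the PKCS12 file, then re-opens the result. It assumes OpenSSL on a workstation and an unencrypted PEM key; the file names, the passphrase file, the `wildcard` friendly name and `*.example.test` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): build a PKCS#12 bundle from an
# existing private key and certificate. Assumes OpenSSL and an unencrypted PEM key.

# make_p12 KEY CERT OUT PASSFILE [CHAIN]
# Returns 2 = unreadable input, 3 = key/cert mismatch, 4 = export failed, 5 = verify failed.
make_p12() {
  key=$1 cert=$2 out=$3 passfile=$4 chain=${5:-}
  # Public key inside the certificate vs. public key derived from the private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 3
  fi
  # Passphrase is read from a file so it never shows up in the process list.
  # umask keeps the bundle (it contains the private key) readable by the owner only.
  (
    umask 077
    if [ -n "$chain" ]; then
      # CHAIN is an optional PEM file with the CA's intermediate certificates.
      openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
        -name wildcard -out "$out" -passout "file:$passfile"
    else
      openssl pkcs12 -export -inkey "$key" -in "$cert" \
        -name wildcard -out "$out" -passout "file:$passfile"
    fi
  ) || return 4
  # Re-open the bundle: verifies its MAC with the passphrase and that it parses.
  openssl pkcs12 -in "$out" -passin "file:$passfile" -noout 2>/dev/null || return 5
}

# Constructed sample input: throwaway key and self-signed wildcard certificate.
gen_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
    -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null
}

# Run with the argument "demo" to build a bundle from the constructed sample.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && gen_sample "$d" && printf 'constructed-passphrase\n' > "$d/pass"
  make_p12 "$d/wild.key" "$d/wild.crt" "$d/wild.p12" "$d/pass" && echo "bundle: $d/wild.p12"
fi
```

The resulting file is what gets imported on the router with the IOS XE `crypto pki import <trustpoint> pkcs12 <source> password <passphrase>` command, where the trustpoint name, source and passphrase are yours to fill in.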

 
