02-24-2016 11:09 PM - edited 03-01-2019 04:26 AM
Hi All,
I am getting "certificate error not trusted", in the APIC alerts window, can this possibly cause my HTTPS request from PI to fail.
And what is the procedure to update the CA on the APIC using the GUI, any suggestions is appreciated.
regards,
vivek
02-25-2016 12:50 AM
Hi Vivek,
Did you had chance to check this documentation about importing the certificate.
Thanks and Regards,
Geevarghese
02-25-2016 01:21 AM
Hi Geevarghese,
Thanks for your response, I am aware of the method.
But could you point me where to get the PEM and key files to upload in there, I have already gone to the link http://www.cisco.com/security/pki/
But I am unable to get the PEM file, is it something which needs to be converted from ".p7b" or can be obtained directly from any location.
Regards,
Vivek
02-25-2016 03:22 AM
Hi Vivek,
What you need to do is to create the .csr and .key
can you tryout the steps for getting the .csr file in APIC-EM.
Thanks and Regards,
Geevarghese
02-28-2016 11:16 PM
Hi Geevarghese,
Just wanted to check if we can generate the .csr and .key file from the existing APIC-EM or from any other source like Prime Infra.
But i am not able to find a method how to validate the APIC to look into the imported/created .csr and .key files no method is mentioned in any links or docs.and i have already created a .csr and .key file in the APIC but still i am getting an error.
i assume the created files needs to be put in a specific directory any suggestions.
regards,
Vivek
02-29-2016 05:29 AM
Hi,
I have generated the Self signed certificate in the APIC-EM Grapevine Cli and uploaded it VIA GUI "Replace Certificate" option.
But still when i try to provision the CPE(CSR's), i get the following error:
*Feb 29 14:49:42.065: CRYPTO_PKI: status = 0x747(E_EOS : end of i/o stream): Imported PKCS12 file failure
*Feb 29 14:49:42.065: %PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.
*Feb 29 14:49:42.475: CRYPTO_PKI: Creating trustpoint sdn-network-infra-iwan
Regards,
Vivek
08-11-2016 08:47 AM
We have the same problem. Is there any workaround ? Is this case solved ?
03-24-2017 02:44 AM
Hi,
We are also facing the same issue in APIC-EM Version 1.4.0.1959 with IWAN 1.4.1.504.
Is it resolved or it is an known open issue?.If any workaround is available, please let me know.
EPIC -->Audit Log-->Underlay and Overlay configuration in site HUB failed. PKI configuration failed for device xx.xx.xx. Failed to download PKCS12
grapevine log:
(config)#file prompt quiet
(config)#ntp server xx.xx.xx.xx
(config)#crypto pki import sdn-network-infra-iwan pkcs12 http://xx.xx.xx.xx/api/v1/trust-point/pkcs12/729de0bc-1cdc-4e0f-9bf2-5f3afcb4f2cd/kot5phen9b2up4obmv6leuj3hf password 9cnmndubo2khs23bp2aomipg4t
% Importing pkcs12...% Error: failed to open file.
Regards,
SS Vela
08-21-2017 01:10 PM
Did you ever find a resolution for this issue?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide