cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
347
Views
0
Helpful
6
Replies
Beginner

ESA C170 certificate export/renew via GUI

I want to export the existing certificate before applying the new certificate so I can restore it if there is any problem with the new certificate.

The help instructions say:

Step 1 Navigate to the Network > Certificates page.
Step 2 Click Export Certificate.
Step 3 Select the certificate you want to export.
Step 4 Enter the file name for the certificate.
Step 5 Enter a password for the certificate file.
Step 6 Click Export.
Step 7 Save the file to a local or network machine.
Step 8 You can export additional certificates or click Cancel to return to the Network > Certificates page.

I tried that, but step 4 does not include an important detail.

What file extension does the exported file need to have to be usable? It defaults to nothing (or the domain TLD if you named the file that way) and that doesn't work.  I tried ".crt" and it says that's invalid if I try to open the file after using that extension.

What is the correct file extension?  This should be included in the help documentation.

6 REPLIES 6
Highlighted
Enthusiast

Hi, ESA generates .p12 file

Hi, ESA generates .p12 file type - this is the PKCS#12 format.

It's a binary format that includes certificate, private key and intermediate certificates optionally.

Beginner

I just tried exporting with a

I just tried exporting with a .p12 file extension, but still don't see any way to view this certificate.

Now, it has the option to "install" it, but not just open it and look at the details.

Enthusiast

Do you have openssl installed

Do you have openssl installed on client machine?

You can extract cert to human readable format by running:

openssl pkcs12 -in esa.domain.tld.p12 -clcerts -nokeys -out esa.domain.tld.crt
openssl x509 -in esa.domain.tld.crt -text

Firefox supports importing .p12 file natively - you can try to import it to Firefox for testing purposes.

Beginner

I don't see any way to view

I don't see any way to view this certificate in Firefox.

Enthusiast

Have you imported the

Have you imported the exported certificate (.p12) file into Personal container in Firefox?

Cisco Employee

Hello,

Hello,

You can also use a third-party site like SSL-Shopper to convert the certificate. You can use the link below to convert from P12 to Standard PEM, and then open/view.

https://www.sslshopper.com/ssl-converter.html

Thanks!

-Dennis M.