cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1663
Views
0
Helpful
1
Replies

TLS Certificates on C150

schwager
Level 1
Level 1

Hello,

i have some troubles to renew my certificates on my two C150 appliances.

2008 i used openSSL to generate the request and install the new certificate with CLI.

The certificate is now expired and i generate a new request with openSSL, send it to geotrust and got a new certificate.

I used openSSL:

openssl genrsa -des3 -out server.key 2048                               to generate the keyfile

openssl rsa -in server.key -out server.key.PEMunsecure      to convert the keyfile

openssl req -new -key server.key -out server.csr                    to generate the request

got the certificate from external CA and then convert:

openssl x509 -inform der -in server.cer -out server.pem        to convert the certificate from the CA to PEM format

When i start to install the certificate (via certificate --> PASTE or webpage) i always get the message: "The key does not sign certificate."

What does this mean?

1 Reply 1

Greetings,

In short this error indicates that the key provided does not match the certificate. Was the key generated on the same system you are attempting to install the certificate on?  You may want to open a support request with customer support. We will be more than happy to assist you with this issue.


Christopher C Smith
CSE

Cisco IronPort Customer Support 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: