07-12-2024 10:58 AM
Hi,
while uploading 2 different official certificates we get an error (see attachment) about intermediate certificates. We have those intermediate CA certificates but we see no way to upload or add them. Concatenating certificates does not work. Also adding the intermediate certificates to the underlying OS (Ubuntu 22.04) does not work.
How can we fix this?
Cheers,
BC
07-17-2024 04:08 AM
@bcnx wrote:Hi,
while uploading 2 different official certificates we get an error (see attachment) about intermediate certificates. We have those intermediate CA certificates but we see no way to upload or add them. Concatenating certificates does not work. Also adding the intermediate certificates to the underlying OS (Ubuntu 22.04) does not work.
How can we fix this?
Cheers,
BC
Try bundling the intermediate certificates with your server certificate in a single file. Concatenate the server certificate and the intermediate certificates in the correct order (server certificate first, followed by intermediate certificates) into one file and upload this combined file to the dashboard. Ensure the intermediate certificates are correctly placed in the Ubuntu 22.04 OS trust store by updating the CA certificates and restarting the necessary services.
07-28-2024 12:57 PM
Hi,
so I concatenated the intermediate and server certificate in the right order into a PEM file and I now get "Invalid key/cert pair" when uploading it. This to me seems to be an error with the private key. Since you don't have the option to upload a private key, it seems you have to follow the route of creating a CSR in the Cisco Business Dashboard and follow that procedure. I did that before but I don't remember if tried with the concatenated certificate or not. Will do that now.
07-28-2024 01:03 PM - edited 07-28-2024 01:21 PM
Hi again,
so I tried again with a certificate that was made based on the previous CSR (I did a new CSR but I don't think that's a problem), made a concatenated certificate with the certificate that was issued based on the CSR and I get again the "Invalid key/cert pair". Not sure how to continue from here.
I will also include the contents from /var/lib/ciscobusiness/dashboard/certs, as I see several private keys in there, which maybe is not normal:
-rw-r----- 1 cbd cbd 4732 Jun 4 08:44 cacert.pem
-rw------- 1 cbd cbd 1708 Jun 4 08:44 cakey.pem
-rw-r--r-- 1 cbd cbd 5079 Oct 20 2023 cert.pem
-rw------- 1 cbd cbd 1704 Jul 11 04:50 csr.key.pem
-rw-r--r-- 1 cbd cbd 1196 Jul 11 04:50 csr.pem
-rw-r----- 1 cbd cbd 424 Jun 4 08:44 dhparam.pem
-rw-r--r-- 1 cbd cbd 126488 Jun 4 08:45 ios.p7b
-rw------- 1 cbd cbd 1675 Oct 20 2023 key.pem
Cheers,
BC
07-30-2024 12:57 PM
Update: so I followed the procedure offered by the Cisco dashboard, used the latest CSR and upload a concatenated certificate and this seemed to work. I was able to reverse-engineer the fact that 2 files are involved: key.pem (private key) and cert.pem (concatenated certificate). When I replaced these files manually with our wildcard certificate and private key, everything worked after setting the permissions correct and restarting the Cisco dashboard services.
Cheers,
BC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide