Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2695
Views
5
Helpful
1
Replies

SSL Certificate on Prime 3.5

Go to solution
ritchieb
Level 1
Level 1

‎05-09-2019 02:17 AM

Hi,

 

I am trying to install a SSL certifcate and key on Prime v3.5 and running into an issue.

 

On a fresh install of version 3.0 I am able to successfully run the following;

 

PRIMESVR/admin#copy ftp://#.#.#.#/mykey.key disk:defaultRepo

PRIMESVR/admin#copy ftp://#.#.#.#/mycert.cer disk:defaultRepo

PRIMESVR/admin#!

PRIMESVR/admin#ncs key importkey mykey.key mycert.cer repository defaultRepo

PRIMESVR/admin#ncs stop

PRIMESVR/admin#ncs start

 

Once completed the certificate is installed and when I browse to the server the certificate is correct and trusted.

 

On a fresh install of Prime version 3.5 I run the same commands as above and get the error below;

 

PRIMESVR/admin#copy ftp://#.#.#.#/mykey.key disk:defaultRepo

PRIMESVR/admin#copy ftp://#.#.#.#/mycert.cer disk:defaultRepo

PRIMESVR/admin#!

PRIMESVR/admin#ncs key importkey mykey.key mycert.cer repository defaultRepo

PRIMESVR/admin#unable to load certificate
140711382058672:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:708:Expecting: TRUSTED CERTIFICATE
ERROR: Failed to import key certificate. Public key in certificate does not match with private key
ERROR: ncs key importkey command failed. rval:256

PRIMESVR/admin#

 

I've searched and tried many things but cant get to the fix, can anyone assist?

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ritchieb
Level 1
Level 1

‎05-09-2019 03:50 AM

Took a step back and some more reading and figured out that the server wanted the cert in a Base 64 encoded format, went back to our internal CA and re-issued choosing the Base 64 version and voila!

 

PRIMESVR/admin# ncs key importkey mykey.key mycert-base64.cer repository defaultRepo
Imported server key. Changes will take affect on the next server restart
PRIMESVR/admin#

View solution in original post

1 Reply 1

Go to solution
ritchieb
Level 1
Level 1

‎05-09-2019 03:50 AM

Took a step back and some more reading and figured out that the server wanted the cert in a Base 64 encoded format, went back to our internal CA and re-issued choosing the Base 64 version and voila!

 

PRIMESVR/admin# ncs key importkey mykey.key mycert-base64.cer repository defaultRepo
Imported server key. Changes will take affect on the next server restart
PRIMESVR/admin#

Customers Also Viewed These Support Documents