05-10-2018 06:13 AM - edited 02-21-2020 07:45 AM
We're trying to install a GoDaddy SSL cert onto our Firesight management center, and for some reason, with every certificate version we try, we get an error message...
CER (.crt) Failed to validate Cert Based EO: The certificate and key do not match.
or
PKCS12 (.pfx with key) - Error uploading file. Please verify that this is a certificate and it uses a supported PKCS encoding.
or
CER (.crt) Failed to validate Cert Based EO: The certificate is invalid.
Any help would be greatly appreciated.
05-10-2018 09:42 AM
Where and how in FMC did you try it?
05-10-2018 09:46 AM
05-10-2018 10:00 AM
That's the wrong place to import this certificate. Under "CA" you import a cert that has the capability to sign other certificates to do outgoing TLS-inspection.
What do you want to do with the certificate?
05-11-2018 12:25 AM
05-11-2018 12:30 AM
You can't use a public certificate for that. These certificates are for servers but can't be used to generate certificates, which is what is needed here.
You have to either generate the certificate on FMC and distribute it to all clients, or generate a CSR on the FMC and get a cert from your own trusted CA with a certificate-server template.
10-31-2018 09:40 AM
Hello,
We are trying to import a certificate from our syslog server.
We want to implement secure syslog using TLS.
I have a certificate (.pem) and a private key (.pem) which was provided by syslog admin team.
I go to System -> Configuration -> Audit log certificate -> Import Audit client certificate
Trying to import them, always get (I tried cert+key and the cert only):
I tried to do it via CLI and I get an error too:
ConfigurAudit_cert> import
*************** Import Audit Client Certificate **************
1 Import Client Certificate and Private Key
2 Import Certificate Chain
0 Exit
**************************************************************
Enter choice: 1
Enter your audit client certificate (PEM format) here:
-----BEGIN CERTIFICATE-----
MIIEETCCAsmgAwIBAgIESZYC0jANB
wD/ZLXTNZTaje13GrU8yUovMh5C6q6nWqCR6N9Kv6OS8mk0yaw==
-----END CERTIFICATE-----
Enter your private key (PEM format) here:
-----BEGIN RSA PRIVATE KEY-----
MIIFewIBAAKCATEA2Nnbv1hDCzEaD+C+HEqEw3zQwMTOe
2eeTVOoTVoI3tSyYRQCiitObdG3ldk3C+LdSxrI8v92XDq/FBK
3dUOJ/lHFU39PZmLTktq
-----END RSA PRIVATE KEY-----
Client certificate import failed, exiting...
Don't know if anybody has tried to send secure syslog.
I am running 6.2.3.4.
10-31-2018 10:20 AM
Assuming you've verified the certificate and key work together (e.g., with OpenSSL), you may be hitting one of several recent bugs:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg28901/?rfs=iqvred
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf42713/?rfs=iqvred
I've seen this on very recent 6.2.3.x code where FMC does not allow the import of a well-formed certificate.
I'd open a TAC case to confirm. That also helps prioritize the bug fix.
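The OpenSSL check mentioned in the reply above, written out as an added example (not posted by anyone in this thread): it compares the public key embedded in the certificate with the public key derived from the private key. The function names, file names and the throwaway sample pair are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): confirm a PEM certificate and a PEM
# private key belong together before importing them into the appliance.

# Print the public key (PEM) of the first certificate in file $1.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public half (PEM) of the private key in file $1 (RSA or EC).
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 = match, 1 = mismatch, 2 = certificate unreadable, 3 = key unreadable.
# Empty output is rejected explicitly so two parse failures never "match".
cert_matches_key() {
    local from_cert from_key
    from_cert=$(cert_pubkey "$1") || return 2
    [ -n "$from_cert" ] || return 2
    from_key=$(key_pubkey "$2") || return 3
    [ -n "$from_key" ] || return 3
    [ "$from_cert" = "$from_key" ]
}

# Constructed sample input: a throwaway self-signed certificate with its key,
# an unrelated key, and a file that is not PEM at all.
make_constructed_samples() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$dir/client.key" -out "$dir/client.crt" 2>/dev/null &&
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null &&
    printf 'not a certificate\n' > "$dir/garbage.pem"
}

# Usage: ./check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "certificate and key match" ;;
        1) echo "certificate and key do NOT match" ;;
        2) echo "could not parse certificate: $1" ;;
        3) echo "could not parse private key: $2" ;;
    esac
fi
```

If this reports a match and the import still fails, the files themselves are consistent and the failure lies elsewhere, which is the situation the reply above describes.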