Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
934
Views
0
Helpful
0
Replies

Install self-signed cert in Defense Center

cooperben
Level 1
Level 1

‎03-28-2016 01:15 PM - edited ‎03-12-2019 05:56 AM

Hi all,

I am setting up my new Defense Center 6.0.1 (VM), which will manage a single 5508X.  I am building my policies and am trying to get my realm working.  I will run LDAP queries against two Windows 2012 R2 DC's.  These DC's use self-signed certs, named dc1.domain.com and dc2.domain.com.  I have copies of these certs in PFX format, and would like to upload them into the Defense Center so that I can secure my LDAP queries using LDAPS.  As they are self-signed, they would need to be Trusted Cert Authorities.

I am familiar with the upload process, however whenever I try to upload the PFX certs, I receive error 'Error uploading file. Please verify that this is a certificate and it uses a supported PKCS encoding.'  I have used OpenSSL to convert the PFX certs to PEM format, which Defense Center can then read; however when I try to use this imported cert to secure LDAP, the Test connection fails.  Using the ldp.exe utility on Windows, I am able to successfully connect to the domain controllers on port 636 using LDAPS.

My question is: What type of cert does Defense Center "like" best?  Should I be using CRT or CER format certs instead of PEM?

My OpenSSL command was: openssl pkcs12 -in cert.pfx -out cert.pem -nodes

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card