02-22-2010 08:37 AM - edited 02-21-2020 03:53 AM
I'm having trouble with certificates for my NAC environment. I have generated the CSR with the private key. I have then requested certificate from a Windows 2003 Server CA Authority. I'm not sure which item to use so I have tried with Administrator, Web Server and User. I download the certificate from the CA and try uploading to the CAM and always keep getting "Must include end entity". I'm not sure if I'm doing the whole process correctly seeing as there is not much information to using a Microsoft CA. Has any one done this and can give me a help.
Thanks
Victor
02-22-2010 08:50 AM
Victor,
You need the web server certificate for your CAM. Make sure you save the private key somewhere safe also. Once you get the cert from the MS CA, open the cert and the private key in notepad and combine them in one file. Upload that file to the CAM under the X509 tab under SSL. Now this would work under the assumption that you're working with the latest CCA. If it's something different, please post that.
HTH,
Faisal
02-22-2010 09:11 AM
Hello Faisal
Here is what I did. I went to CAM and generated a CSR and exported the CSR with the private key. Also I exported only the private key for safe keeping.
Then I went to the Microsoft CA web page and submitted my request as a Web Server. And download the certificate provided (certnew.cer) I opened this with notepad and the private key as well and copied and pasted the private key into the certnew.cer and saved it as a new file cert.txt. I then tried to import the cert-txt file via the X509 Certificate page. Still I get the message "Must include end entity certificate".
Somewhere along the line I'm missing a step, I just don't know what.
All help appreciated
Victor
02-22-2010 10:42 AM
Victor,
Can you post your certificate and key for review. If posting to a public forum is not possible, can you please send it to my email? Also you haven't verified what version of CCA are you on?
Thanks,
Faisal
fasehbai @ cisco.com
02-22-2010 10:50 AM
Hello Faisal
I've managed to install the certificates. I'm using version 4.7.1. What is necessary is to convert the DER format to PEM format and everything works fine.
Thanks for the help though
Victor
06-17-2014 01:26 AM
I am having trouble while importing SSL certificate that we have purchased from geo trust, However if we genrate self signed certificate it works perfectly fine for 3 month. Problm is every 3 month we have to regenrate the certificate. TO overcome this we have purchased SSL certificate. Any help suggetsion is appreciated.
I am attching the error snapshots for refrence " must include end entity certificate"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide