Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2864
Views
0
Helpful
1
Replies

Import certificates

Go to solution
Eric R. Jones
Level 4
Level 4

‎07-31-2018 05:36 PM

Hello all, I generated the CSR from our Cisco Prime 3.1 server and set it off to get a 3rd party cert.

I got it back and uploaded it according to the documentation.

ncs key importcacert "alias" "cert filename" repository "repositoryname"

I also tried importsignedcert.

I believe the portion of the cert that needs to be uploaded is the Base 64 encoded certificate.

I tried using the combine Base 64 encoded certificate and the certificate with CA certificate chain.

Either way the results are the same the website continues to report invalid cert.

I can access the site via FQDN but still get the red "Not Secure" with the strike through https.

Anyone else have this issue?

ej

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ilay
VIP
VIP

‎08-01-2018 02:15 AM

i think you need to import the private key file. 

 

eg:

testpi/admin# copy ftp://10.1.173.20/214863947200291.key disk:defaultRepo
Username: admin
Password:

testpi/admin# copy ftp://10.1.173.20/214863947200291.crt disk:defaultRepo
Username: admin
Password: 
testpi/admin# dir disk:/defaultRepo/

Directory of disk:/defaultRepo/
3691 Aug 01 2018 13:47:57 214863947200291.crt
1674 Aug 01 2018 13:48:09 214863947200291.key
1296 Aug 01 2018 15:22:50 ssu.crt
1117 Aug 01 2018 13:41:43 ssu.csr

Usage for disk: filesystem
18069516288 bytes total used
116331257856 bytes free
141590306816 bytes available


testpi/admin# ncs key importkey 214863947200291.key 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing RSA key and matching certificate
testpi/admin# ncs key importsignedcert 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key

testpi/admin# reload
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with reboot? [y/n] y

 

I also tired generated CSR from Prime. and i signed the cert use my CA Server.

when i import the cert file. it come an error

--

testpi/admin# ncs key importsignedcert ssu.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
Error importing key java.security.KeyStoreException: New certificate does not match key for tomcat
ERROR: ncs key importsignedcert command failed. rval:256

--

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ilay
VIP
VIP

‎08-01-2018 02:15 AM

i think you need to import the private key file. 

 

eg:

testpi/admin# copy ftp://10.1.173.20/214863947200291.key disk:defaultRepo
Username: admin
Password:

testpi/admin# copy ftp://10.1.173.20/214863947200291.crt disk:defaultRepo
Username: admin
Password: 
testpi/admin# dir disk:/defaultRepo/

Directory of disk:/defaultRepo/
3691 Aug 01 2018 13:47:57 214863947200291.crt
1674 Aug 01 2018 13:48:09 214863947200291.key
1296 Aug 01 2018 15:22:50 ssu.crt
1117 Aug 01 2018 13:41:43 ssu.csr

Usage for disk: filesystem
18069516288 bytes total used
116331257856 bytes free
141590306816 bytes available


testpi/admin# ncs key importkey 214863947200291.key 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing RSA key and matching certificate
testpi/admin# ncs key importsignedcert 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key

testpi/admin# reload
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with reboot? [y/n] y

 

I also tired generated CSR from Prime. and i signed the cert use my CA Server.

when i import the cert file. it come an error

--

testpi/admin# ncs key importsignedcert ssu.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
Error importing key java.security.KeyStoreException: New certificate does not match key for tomcat
ERROR: ncs key importsignedcert command failed. rval:256

--

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents