07-31-2018 05:36 PM
Hello all, I generated the CSR from our Cisco Prime 3.1 server and set it off to get a 3rd party cert.
I got it back and uploaded it according to the documentation.
ncs key importcacert "alias" "cert filename" repository "repositoryname"
I also tried importsignedcert.
I believe the portion of the cert that needs to be uploaded is the Base 64 encoded certificate.
I tried using the combine Base 64 encoded certificate and the certificate with CA certificate chain.
Either way the results are the same the website continues to report invalid cert.
I can access the site via FQDN but still get the red "Not Secure" with the strike through https.
Anyone else have this issue?
ej
Solved! Go to Solution.
08-01-2018 02:15 AM
i think you need to import the private key file.
eg:
testpi/admin# copy ftp://10.1.173.20/214863947200291.key disk:defaultRepo
Username: admin
Password:
testpi/admin# copy ftp://10.1.173.20/214863947200291.crt disk:defaultRepo
Username: admin
Password:
testpi/admin# dir disk:/defaultRepo/
Directory of disk:/defaultRepo/
3691 Aug 01 2018 13:47:57 214863947200291.crt
1674 Aug 01 2018 13:48:09 214863947200291.key
1296 Aug 01 2018 15:22:50 ssu.crt
1117 Aug 01 2018 13:41:43 ssu.csr
Usage for disk: filesystem
18069516288 bytes total used
116331257856 bytes free
141590306816 bytes available
testpi/admin# ncs key importkey 214863947200291.key 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing RSA key and matching certificate
testpi/admin# ncs key importsignedcert 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
testpi/admin# reload
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with reboot? [y/n] y
I also tired generated CSR from Prime. and i signed the cert use my CA Server.
when i import the cert file. it come an error
--
testpi/admin# ncs key importsignedcert ssu.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
Error importing key java.security.KeyStoreException: New certificate does not match key for tomcat
ERROR: ncs key importsignedcert command failed. rval:256
--
08-01-2018 02:15 AM
i think you need to import the private key file.
eg:
testpi/admin# copy ftp://10.1.173.20/214863947200291.key disk:defaultRepo
Username: admin
Password:
testpi/admin# copy ftp://10.1.173.20/214863947200291.crt disk:defaultRepo
Username: admin
Password:
testpi/admin# dir disk:/defaultRepo/
Directory of disk:/defaultRepo/
3691 Aug 01 2018 13:47:57 214863947200291.crt
1674 Aug 01 2018 13:48:09 214863947200291.key
1296 Aug 01 2018 15:22:50 ssu.crt
1117 Aug 01 2018 13:41:43 ssu.csr
Usage for disk: filesystem
18069516288 bytes total used
116331257856 bytes free
141590306816 bytes available
testpi/admin# ncs key importkey 214863947200291.key 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing RSA key and matching certificate
testpi/admin# ncs key importsignedcert 214863947200291.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
testpi/admin# reload
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Continue with reboot? [y/n] y
I also tired generated CSR from Prime. and i signed the cert use my CA Server.
when i import the cert file. it come an error
--
testpi/admin# ncs key importsignedcert ssu.crt repository defaultRepo
The NCS server is running. Changes will take affect on the next server restart
Importing signed certificate for key
Error importing key java.security.KeyStoreException: New certificate does not match key for tomcat
ERROR: ncs key importsignedcert command failed. rval:256
--
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: