11-27-2014 04:29 PM - edited 03-07-2019 09:42 PM
I have a certificate chain that was issued by an intermediate CA and the certificate chain consists of the router identity certificate, the subordinate ca certificate, and the root ca certificate. The router identity certificate was issued by the subordinate CA. I am currently unable to install both the subordinate ca cert and the root ca cert so they are both installed in the router. If I try the import method then I am told to delete one ca certificate before installing the other; if I try to copy the hex values that show up in running config directly into a certificate chain the second and third certificates to be copied simply overwrite the rest so there remains only one certificate in the certificate chain which is the last one to be copied. I have also read that the whole certificate chain needs to be validated up to the root and that the root certificate can not be installed via an AIA; rather it must be either copied into the router or available from microsoft(which it is not). Does anyone know the procedure to install the whole certificate chain into a router? The two platforms that will need this setup are ASR 1000 and 3945 routers.