Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Issue with importing SSL certificate on SG300-28

Mads Fog Albrechtslund
Level 1
Level 1

‎06-14-2016 04:30 AM

Hi

I have a SG300-28 on which I am trying to import a SSL Certificate, Private Key and Public Key, but I can't get it to work.

Information about the SG300-28:

HW VID=02

Active Firmware = 1.4.5.02

Boot Version = 1.3.5.06

I am using the CLI, because the GUI has issues with certificates which are long (the actual text inside the cert), in which the GUI just clips the pasted text.

If I run:

crypto certificate 2 import

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnhChmJH/KkhHJO9JAdWmUvi7EQSc03CYpZmOasAUhZFjdjvm (clipped actual text)
-----END RSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhChmJH/KkhHJO9JAdWm (clipped actual text)
-----END PUBLIC KEY-----

-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgIQUHknZOKEMNFLLCkD1nt3vDANBgkqhkiG9w0BAQsFADB4 (clipped actual text)
-----END CERTIFICATE-----

I get the following error:

Wrong public key header format

After carefully reading the manual, I see that the CLI crypt certificate import function, expects the PUBLIC KEY header to actually be "BEGIN RSA PUBLIC KEY", even though that is not how a public key should be formatted.

Trying again with edited PUBLIC KEY header:

crypto certificate 2 import

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnhChmJH/KkhHJO9JAdWmUvi7EQSc03CYpZmOasAUhZFjdjvm (clipped actual text)
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhChmJH/KkhHJO9JAdWm (clipped actual text)
-----END RSA PUBLIC KEY-----

-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgIQUHknZOKEMNFLLCkD1nt3vDANBgkqhkiG9w0BAQsFADB4 (clipped actual text)
-----END CERTIFICATE-----

I get the following error:

Failed to load public key

If I try to omit the PUBLIC KEY completely:

crypto certificate 2 import

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnhChmJH/KkhHJO9JAdWmUvi7EQSc03CYpZmOasAUhZFjdjvm (clipped actual text)
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgIQUHknZOKEMNFLLCkD1nt3vDANBgkqhkiG9w0BAQsFADB4 (clipped actual text)
-----END CERTIFICATE-----

I get the following error:

SSL saved private key did not match the imported certificate.

Information about the Certificate:

Certificate CSR was generated on a Mac, running Mac OS X 10.10.5 Yosemite, withOpenSSL 0.9.8zg

CSR and Key generated using the following command:

openssl req -new -newkey rsa:2048 -nodes -out sg300.csr -keyout sg300.key -subj "/C=DK/ST=Jylland/L=Hedensted/O=Hazenet/OU=Home/CN=sg300.hazenet.dk"

The CSR was signed at StartSSL, using their free Class 1 service.

Anybody knows how to get this to work?

Either in CLI or in GUI.

I would prefer to be able to import this certificate, and not needing to generate a new certificate on the actual SG300 switch, using the GUI or CLI.

2 people had this problem
Labels:
Who Me Too'd this topic