04-30-2019 09:05 AM - edited 04-30-2019 09:11 AM
I have been struggling the past few days with installing a new CA-signed certificate onto my DNA Center server. First I tried using the API method, but it failed. Even though I had a 2-year cert, the API method was saying it was less than a 2-year cert. I went to the OpenSSL method following the steps in the Cisco Digital Network Architecture Center Security Best Practices Guide.
Everything went well until I received my certificate from Thawte and started on this step:
Step 7: Download the certificate (full chain) with DER format and name it dnac-chain.p7b.
Step 8: Copy dnac-chain.p7b that you downloaded in the preceding step to the Cisco DNA Center cluster through SSH.
Step 9: Enter the following command: openssl pkcs7 -in dnac-chain.p7b -inform DER -out dnac-chain.pem -print_certs
I already received a .p7b from Thawte, but when I run the command in Step 9, I get the following:
$ openssl pkcs7 -in dnac-chain.p7b -inform DER -out dnac-chain.pem -print_certs
unable to load PKCS7 object
140373772969624:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1217:
140373772969624:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=PKCS7
Any thoughts before I open a case with TAC?
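
A .p7b bundle can arrive either as binary DER or as base64 PEM text, and -inform DER reports an ASN.1 "wrong tag" error whenever the input does not begin with a DER SEQUENCE. The check below is an added example, not part of the original post or of Cisco's guide; the function names are hypothetical and the file names are the ones from Step 9.

```shell
#!/bin/sh
# Added example (not from the post or Cisco's guide). Function names are
# hypothetical; dnac-chain.p7b / dnac-chain.pem are the names used in Step 9.

# Print the encoding of the bundle in $1: DER, PEM, PEMCERTS or UNKNOWN.
detect_p7b_format() {
    [ -r "$1" ] || { echo UNKNOWN; return 0; }
    # DER is binary ASN.1: a SEQUENCE tag (0x30) then a long-form length
    # byte (0x80-0x84). Checking both avoids matching text that starts "0".
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        308[0-4]) echo DER; return 0 ;;
    esac
    # PEM is base64 text between BEGIN/END lines.
    if grep -q -e '-----BEGIN PKCS7-----' "$1"; then
        echo PEM
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        # Already a plain PEM certificate chain, not a PKCS#7 container.
        echo PEMCERTS
    else
        echo UNKNOWN
    fi
}

# Convert $1 to a PEM chain in $2, choosing -inform from the file content.
p7b_to_pem() {
    fmt=$(detect_p7b_format "$1")
    case $fmt in
        DER|PEM)
            openssl pkcs7 -in "$1" -inform "$fmt" -out "$2" -print_certs ;;
        PEMCERTS)
            cp "$1" "$2" ;;
        *)
            echo "unrecognised encoding in $1" >&2
            return 1 ;;
    esac
}

# Usage on the cluster: p7b_to_pem dnac-chain.p7b dnac-chain.pem
```

Checking the encoding first avoids re-requesting or re-downloading a certificate that is valid but simply in the other container format.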