12-07-2022 02:46 AM
Hello,
I am trying to install a cert on a lab cEdge device and get the below error.
LAB-IDA-RTR-01#$ware sdwan certificate install bootflash:ROOTCA.pem
Installing certificate via VPN 0
Copying ... /bootflash/ROOTCA.pem via VPN 0
System organization name [LAB-111] does not match with cert subject's OU [].
Failed to install the certificate !!
DEBUG item does not exist - cli command error
Error executing command: item does not exist - cli command error
LAB-IDA-RTR-01#
I have checked my cert against the one on the CA on the vmanage.
vManage-1:~$ ls -l | grep ROOT
-rw-r--r-- 1 admin admin 1675 Dec 7 07:30 ROOTCA.key
-rw-r--r-- 1 admin admin 1261 Dec 7 07:30 ROOTCA.pem
-rw-r--r-- 1 admin admin 17 Dec 7 07:48 ROOTCA.srl
vManage-1:~$
vManage-1:~$
vManage-1:~$ history | grep ROOTCA.pem
8 openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=ZA/ST=KZN/L=DBN/O=LAB-111/CN=msizi.local" -out ROOTCA.pem
vManage-1:~$ cat ROOTCA.pem
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIJAOjVd6vcrEirMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAlpBMQwwCgYDVQQIDANLWk4xDDAKBgNVBAcMA0RCTjEQMA4GA1UECgwHTEFC
LTExMTEUMBIGA1UEAwwLbXNpemkubG9jYWwwHhcNMjIxMjA3MDczMDQzWhcNMjgw
NTI5MDczMDQzWjBRMQswCQYDVQQGEwJaQTEMMAoGA1UECAwDS1pOMQwwCgYDVQQH
DANEQk4xEDAOBgNVBAoMB0xBQi0xMTExFDASBgNVBAMMC21zaXppLmxvY2FsMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS9iXTuxQLgDhvbb4Fx9tXzn
jRNwOl0DXeiIbGCr5DxWbXbCogoJNGaQ9zbEGHBh6TK98Z5xsAeUSJsO4bAwBRiz
lkwr9I3mYQ+bTqWpcrQooA2Zxb7EVTcaUixhgG05MZru48Hq3wsiTjhISlGrpAHW
0NLEmLP/x09NuMkRIU0ldd8TzIeqgPMahepJWUf7X/Z+d6z0gFts96mxXHsvQ2rm
pmGhEKTeQIYfaRlRzG+cO/C2LtGi2bwAy/Vy3IosQ1sMdf6Qutok7qvOKd1+ofAr
RXb9TSPuTLR0zyBmZFVGT/abMwJfrqWlbxPeIkyrwDVlvVjAUktpII9Gx0yp7wID
AQABo1AwTjAdBgNVHQ4EFgQUEkksJFxI8y6afIKNOG5e8JeCAkswHwYDVR0jBBgw
FoAUEkksJFxI8y6afIKNOG5e8JeCAkswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAdne+0SNAqRvjIY7gZPEA++EellMRX5jhRN66dz0vxn9tuOP7Il0W
XepbNOzku0ect2pn97V7OYsLOsOUSp/1pkP0XvXT6FTi7bwH9KamTbL2e8YUbH1g
k77zP8G1cjPjoty7xDTEJEz8/CraR65FSmWKbCImBdhy9V+ePcI4Eq/3bpjaCRLk
xlK6iXlWt5ztbHR9HhrcsQTVb9JkWLbg/9YFDJdx1bNCXAObTR1yxRxDLGBswL78
iNH4UETd4nIh1MUBvJyC8167WoGCwaVGtFQdcqtyO7R9CobW9upuai1xEIz4x6Ud
E4eNXoIaL1xa5TlN/wTCNm6S5lGmBe1Rww==
-----END CERTIFICATE-----
Cert on the cEdge
LAB-IDA-RTR-01#more bootflash:ROOTCA.pem
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIJAOjVd6vcrEirMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAlpBMQwwCgYDVQQIDANLWk4xDDAKBgNVBAcMA0RCTjEQMA4GA1UECgwHTEFC
LTExMTEUMBIGA1UEAwwLbXNpemkubG9jYWwwHhcNMjIxMjA3MDczMDQzWhcNMjgw
NTI5MDczMDQzWjBRMQswCQYDVQQGEwJaQTEMMAoGA1UECAwDS1pOMQwwCgYDVQQH
DANEQk4xEDAOBgNVBAoMB0xBQi0xMTExFDASBgNVBAMMC21zaXppLmxvY2FsMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS9iXTuxQLgDhvbb4Fx9tXzn
jRNwOl0DXeiIbGCr5DxWbXbCogoJNGaQ9zbEGHBh6TK98Z5xsAeUSJsO4bAwBRiz
lkwr9I3mYQ+bTqWpcrQooA2Zxb7EVTcaUixhgG05MZru48Hq3wsiTjhISlGrpAHW
0NLEmLP/x09NuMkRIU0ldd8TzIeqgPMahepJWUf7X/Z+d6z0gFts96mxXHsvQ2rm
pmGhEKTeQIYfaRlRzG+cO/C2LtGi2bwAy/Vy3IosQ1sMdf6Qutok7qvOKd1+ofAr
RXb9TSPuTLR0zyBmZFVGT/abMwJfrqWlbxPeIkyrwDVlvVjAUktpII9Gx0yp7wID
AQABo1AwTjAdBgNVHQ4EFgQUEkksJFxI8y6afIKNOG5e8JeCAkswHwYDVR0jBBgw
FoAUEkksJFxI8y6afIKNOG5e8JeCAkswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAdne+0SNAqRvjIY7gZPEA++EellMRX5jhRN66dz0vxn9tuOP7Il0W
XepbNOzku0ect2pn97V7OYsLOsOUSp/1pkP0XvXT6FTi7bwH9KamTbL2e8YUbH1g
k77zP8G1cjPjoty7xDTEJEz8/CraR65FSmWKbCImBdhy9V+ePcI4Eq/3bpjaCRLk
xlK6iXlWt5ztbHR9HhrcsQTVb9JkWLbg/9YFDJdx1bNCXAObTR1yxRxDLGBswL78
iNH4UETd4nIh1MUBvJyC8167WoGCwaVGtFQdcqtyO7R9CobW9upuai1xEIz4x6Ud
E4eNXoIaL1xa5TlN/wTCNm6S5lGmBe1Rww==
-----END CERTIFICATE-----
Kindly advise.
Regards,
Msizi
Solved! Go to Solution.
12-07-2022 03:06 AM
Msizi,
I think you try to install the root certificate using the CLI command for installing a device certificate. I think you should try with "request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem".
HTH, Ivan
12-07-2022 03:06 AM
Msizi,
I think you try to install the root certificate using the CLI command for installing a device certificate. I think you should try with "request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem".
HTH, Ivan
12-07-2022 03:12 AM
That fixed it, thanks Ivan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide