cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1387
Views
0
Helpful
2
Replies

cEdge certificate installation error

msizi.mthembu
Level 1
Level 1

Hello,

I am trying to install a cert on a lab cEdge device and get the below error.

LAB-IDA-RTR-01#$ware sdwan certificate install bootflash:ROOTCA.pem
Installing certificate via VPN 0
Copying ... /bootflash/ROOTCA.pem via VPN 0
System organization name [LAB-111] does not match with cert subject's OU [].
Failed to install the certificate !!
DEBUG item does not exist - cli command error
Error executing command: item does not exist - cli command error
LAB-IDA-RTR-01#

I have checked my cert against the one on the CA on the vmanage.

vManage-1:~$ ls -l | grep ROOT
-rw-r--r-- 1 admin admin 1675 Dec  7 07:30 ROOTCA.key
-rw-r--r-- 1 admin admin 1261 Dec  7 07:30 ROOTCA.pem
-rw-r--r-- 1 admin admin   17 Dec  7 07:48 ROOTCA.srl
vManage-1:~$
vManage-1:~$
vManage-1:~$ history | grep ROOTCA.pem
    8  openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=ZA/ST=KZN/L=DBN/O=LAB-111/CN=msizi.local" -out ROOTCA.pem

vManage-1:~$ cat ROOTCA.pem
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIJAOjVd6vcrEirMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAlpBMQwwCgYDVQQIDANLWk4xDDAKBgNVBAcMA0RCTjEQMA4GA1UECgwHTEFC
LTExMTEUMBIGA1UEAwwLbXNpemkubG9jYWwwHhcNMjIxMjA3MDczMDQzWhcNMjgw
NTI5MDczMDQzWjBRMQswCQYDVQQGEwJaQTEMMAoGA1UECAwDS1pOMQwwCgYDVQQH
DANEQk4xEDAOBgNVBAoMB0xBQi0xMTExFDASBgNVBAMMC21zaXppLmxvY2FsMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS9iXTuxQLgDhvbb4Fx9tXzn
jRNwOl0DXeiIbGCr5DxWbXbCogoJNGaQ9zbEGHBh6TK98Z5xsAeUSJsO4bAwBRiz
lkwr9I3mYQ+bTqWpcrQooA2Zxb7EVTcaUixhgG05MZru48Hq3wsiTjhISlGrpAHW
0NLEmLP/x09NuMkRIU0ldd8TzIeqgPMahepJWUf7X/Z+d6z0gFts96mxXHsvQ2rm
pmGhEKTeQIYfaRlRzG+cO/C2LtGi2bwAy/Vy3IosQ1sMdf6Qutok7qvOKd1+ofAr
RXb9TSPuTLR0zyBmZFVGT/abMwJfrqWlbxPeIkyrwDVlvVjAUktpII9Gx0yp7wID
AQABo1AwTjAdBgNVHQ4EFgQUEkksJFxI8y6afIKNOG5e8JeCAkswHwYDVR0jBBgw
FoAUEkksJFxI8y6afIKNOG5e8JeCAkswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAdne+0SNAqRvjIY7gZPEA++EellMRX5jhRN66dz0vxn9tuOP7Il0W
XepbNOzku0ect2pn97V7OYsLOsOUSp/1pkP0XvXT6FTi7bwH9KamTbL2e8YUbH1g
k77zP8G1cjPjoty7xDTEJEz8/CraR65FSmWKbCImBdhy9V+ePcI4Eq/3bpjaCRLk
xlK6iXlWt5ztbHR9HhrcsQTVb9JkWLbg/9YFDJdx1bNCXAObTR1yxRxDLGBswL78
iNH4UETd4nIh1MUBvJyC8167WoGCwaVGtFQdcqtyO7R9CobW9upuai1xEIz4x6Ud
E4eNXoIaL1xa5TlN/wTCNm6S5lGmBe1Rww==
-----END CERTIFICATE-----

Cert on the cEdge

LAB-IDA-RTR-01#more bootflash:ROOTCA.pem
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIJAOjVd6vcrEirMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAlpBMQwwCgYDVQQIDANLWk4xDDAKBgNVBAcMA0RCTjEQMA4GA1UECgwHTEFC
LTExMTEUMBIGA1UEAwwLbXNpemkubG9jYWwwHhcNMjIxMjA3MDczMDQzWhcNMjgw
NTI5MDczMDQzWjBRMQswCQYDVQQGEwJaQTEMMAoGA1UECAwDS1pOMQwwCgYDVQQH
DANEQk4xEDAOBgNVBAoMB0xBQi0xMTExFDASBgNVBAMMC21zaXppLmxvY2FsMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxS9iXTuxQLgDhvbb4Fx9tXzn
jRNwOl0DXeiIbGCr5DxWbXbCogoJNGaQ9zbEGHBh6TK98Z5xsAeUSJsO4bAwBRiz
lkwr9I3mYQ+bTqWpcrQooA2Zxb7EVTcaUixhgG05MZru48Hq3wsiTjhISlGrpAHW
0NLEmLP/x09NuMkRIU0ldd8TzIeqgPMahepJWUf7X/Z+d6z0gFts96mxXHsvQ2rm
pmGhEKTeQIYfaRlRzG+cO/C2LtGi2bwAy/Vy3IosQ1sMdf6Qutok7qvOKd1+ofAr
RXb9TSPuTLR0zyBmZFVGT/abMwJfrqWlbxPeIkyrwDVlvVjAUktpII9Gx0yp7wID
AQABo1AwTjAdBgNVHQ4EFgQUEkksJFxI8y6afIKNOG5e8JeCAkswHwYDVR0jBBgw
FoAUEkksJFxI8y6afIKNOG5e8JeCAkswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAdne+0SNAqRvjIY7gZPEA++EellMRX5jhRN66dz0vxn9tuOP7Il0W
XepbNOzku0ect2pn97V7OYsLOsOUSp/1pkP0XvXT6FTi7bwH9KamTbL2e8YUbH1g
k77zP8G1cjPjoty7xDTEJEz8/CraR65FSmWKbCImBdhy9V+ePcI4Eq/3bpjaCRLk
xlK6iXlWt5ztbHR9HhrcsQTVb9JkWLbg/9YFDJdx1bNCXAObTR1yxRxDLGBswL78
iNH4UETd4nIh1MUBvJyC8167WoGCwaVGtFQdcqtyO7R9CobW9upuai1xEIz4x6Ud
E4eNXoIaL1xa5TlN/wTCNm6S5lGmBe1Rww==
-----END CERTIFICATE-----

Kindly advise.
Regards,
Msizi

1 Accepted Solution

Accepted Solutions

bahkobg85
Level 1
Level 1

Msizi,

I think you try to install the root certificate using the CLI command for installing a device certificate. I think you should try with "request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem".

HTH, Ivan 

View solution in original post

2 Replies 2

bahkobg85
Level 1
Level 1

Msizi,

I think you try to install the root certificate using the CLI command for installing a device certificate. I think you should try with "request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem".

HTH, Ivan 

That fixed it, thanks Ivan.

Review Cisco Networking for a $25 gift card