cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

1593
Views
5
Helpful
2
Replies
scott.parr
Beginner

Problems Installing SSL Certificates on a RV325

Im fairly new to the interface of this router and I need some assistance installing my external certificates on my RV32x Router.  

I created my CSR, provided it to the SSL Authority.  Both my web certificate (X.509) and my Intermediate CA were provided to me.   The router is requesting .PEM formatted certs, so I ensured that the format of the certificates followed the text anchor lines (BEGIN CERTIFICATE and END CERTIFICATE).

No matter what I do, no matter what order, format, combination of keys (X.509 and Intermediate CA) - and I went so far as to reissue the certificates and start from the beginning.  I re-created the CSR, had the SSL Authority send me new keys, and tried the steps again (In the case that I missed something, missed a step, or SOMETHING...). I even went out to the CA and got alternate CAs in the case there was an issue there.

I have gotten errors where it says that the "Certification Key is invalid."  "Verify the Public Key for date and time ...", etc.  All seem like errors that don't relate to the action I was performing.

Has anyone had this same experience and found a way through it?   I thought I was pretty knowledgable in this area, but i'm starting to second guess myself!  :)  Any assistance would be greatly appreciated.   It really shouldn't be this difficult!

2 REPLIES 2
ciscojoe837
Beginner

I've never been able to install certs on these RV units.  Called Support and they couldn't do it either.  Said that there must be something wrong with my cert -- even though it works on every other device.

Tried it again today thinking the problem would have been fixed, then I found this post. 

Cisco should provide the correct documentation on this and fix the problem.  How does it make it out of QA is a puzzle. 

Again, I have no problems with any other device to date except the RV's.

This product has other problems with the VPN client as well just so you know -- there isn't one!  They should just make it work with AnyConnect like the ISA500's that were released for two weeks then went EOL.

Eureka!

I tried every combination I thought possible and almost gave up again then I got the combination that worked.

1. Install Intermediate Certificate -- Certificate Management>Trusted SSL Certificate

2. Make a new .pem file out of the Intermediate Certificate and Server Certificate Key. Just do this in Notepad.  I copied and pasted the Intermediate Certificate and Server Certificate Key exactly as is, no spaces, no lines feeds.  I named the file chaincombo.pem

3. Make a new .pem file out of your Private Key and Server Certificate Key.  Just do this in Notepad.  I copied and pasted the Private key first, then the Server Key exactly as is, no spaces, no line feeds. I named the file combo.pem

4.  Note:  You can open or associate your .pem .crt .key files with Notepad in Windows if you want.  That's what I did.  That makes the opening of the files easier.

5.  Install your custom / 3rd party Certificate -- Certificate Management>My Certificate>Import From PC

6. For the CA Certificate:  This is the combo file you created in step 2 -- Intermediate Cert + Server Cert Key.

7. For the Certificate + Private Key:  This is the combo file you created in step 3 -- Private Key + Server Key.

8. Hit Save and it should upload with no errors.

9. Select the 3rd-Party Authorized Radio Button then the Select as Primary Certificate under Certificate Management>My Certificate

Let me know how that goes for anyone having problems with this issue.