Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
277
Views
0
Helpful
1
Replies

RV340 SSL Certificate Import Failure

PatODonovan
Level 1
Level 1

‎08-17-2022 08:44 AM

Client is using a Network Solutions SSL Certificate on the RV340 K9-V04 fw 1.0.03.27 to support AnyConnect.  This is the second renewal of the certificate.  The certificate signing requests in all cases are being generated on the RV340.  On both previous installs it was necessary to import the intermediate level certificate in CRT format, then the router certificate in CRT format, then export the router certificate in PKCS#12 format.  The CRT certificates were then removed and the PKCS#12 certificate imported.  (note: AnyConnect would not work with the CRT formatted certificate selected for SSLVPN).  This year the intermediate certificate uploaded successfully, but the router certificate upload fails.  The CSR has been regenerated and submitted to Network Solutions for rekeying, and this did not change the pattern.  The requests follow the same format as always, as documented in "SMB5463 - Manage Certificates on the RV34X Series Router".  The certificate "detail" tab shows that the CRT's (existing and new) have all the same data for the non-unique fields.

Any tools that I can find to convert the certificate to PKCS#12 externally require the "private key file" in addition to everything that I have (Root, intermediate, and device CRT files).  It is my understanding that the private key is retained on the device creating the CSR, and it is not exportable from the RV340 as far as I can tell.

Any suggestions, my client has two weeks before AnyConnect becomes unusable.

 

Labels:
0 Helpful
1 Reply 1

train_wreck
Level 1
Level 1

‎08-24-2022 09:25 PM - edited ‎08-24-2022 09:37 PM

I have found the certificate implementation on these routers to be very finicky. One limitation I have found is that it does not like when importing a cert/key that has the same filename as an existing cert. I have had to rename the files before importing, then it accepts it. I have seen this problem persist unless a full reset "with certificates"  is ran. And what you say is correct, private keys generated on device cannot be exported.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents