cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1089
Views
0
Helpful
3
Replies

SF302-08P Won't Import SSL Certificate?

Sean Bozarth
Level 1
Level 1

We have seven 300 series small business switches, all consistently configured. All running 1.3.5.58 firmware with 1.3.5.06 boot code.

2x SG300-28P V01

1x SF300-24P V01

1x SF300-48 V01

1x SF300-48P V01

1x SF302-08P V01

1x SF302-08P V02

I have successfully assigned certificates from our Microsoft certificate authority (2008 R2) to five of the units, but can not assign certificates to the two SF302-08Ps.

I use the following commands:

config

crypto certificate 1 generate key-generate 2048

exit

crypto certificate 1 request cn XXX ou XXX or XXX loc XXX st CA cu US

config

crypto certificate 1 import

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

.

I receive the following error: SSL can't import certificate - conversion of input to certificate failed.

Again, those commands work on five out of seven switches. The only common factor is that they fail on the two small switches.  I have tried rebooting immediately before attempting to generate the key and import the certificate. I tried rebooting immediately before attempting to import the certificate on the existing key. I verify all CSRs and certificates with the utilities here: http://www.sslshopper.com/csr-decoder.html and http://www.sslshopper.com/certificate-decoder.html. I've turned with logging buffer up to level 7 (debugging), but no message is recorded.

Any thoughts on why these two switches won't import my Microsoft CA certificates?

3 Replies 3

Tom Watts
VIP Alumni
VIP Alumni

Sean, could you email me a sample certificate at tmw0402@hotmail.com ?

I'd like to try to reproduce in a lab to see how my switches behave.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

I have sent you a replay of an effort to generate a CSR and import the certificate issued by our CA. Please let me know if you can reproduce.

Sean

Zachary Parsons
Level 1
Level 1

This seems remarkably similar to my issue: https://supportforums.cisco.com/discussion/12521456/sg300-ssl-certificate-issues-ssl-cant-import-certificate-conversion-input

Did you ever discover what the solution was?

-Zac

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X