06-10-2024 02:07 AM
So it took some effort to import a wildcard SSL certificate into the CBS350. And now the certificate has expired. So I got myself a new wildcard SSL certificate. This certificate is used by multiple systems, like Exchange etc. I noted all steps for importing the certificate into the CBS350. And they don't work. If I select the current active certificate (the expired wildcard certificate) and click Import certificate, copy / paste the new certificate into the field Certificate and click Apply, it displays: SSL can't import certificate - conversion of input to certificate failed. If I click Apply again, without doing anything else, it displays Succes? I close the window and the certificate information reads valid from 2024-jun-10 to 2025-jul-11. So this looks OK. Only thing is - it isn't. If I log off and back on, it still lists a certificate error. When I check the certificate, it doesn't list the CA.
I can't find any info on how to renew a certificate on a Cisco device (or I've been searching incorrectly) so how to solve this problem?
06-11-2024 12:24 AM
I managed to install a new certificate using the CLI as described in this post: Importing wildcard/custom SSL certificate on Cisco SG300 switch - Networking - Spiceworks Community
Your certificate file should look like this:
-----BEGIN CERTIFICATE-----
MIIGmDCCBYCgAwIBAgIQcmR+q4ihWi1sTWfLEFH1QjANBgkqhkiG9w0BAQsFADCB
[ some garbled text ]
DXz0omzVFR9ECGcc
-----END CERTIFICATE-----
Your private key should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQ
[ some garbled text ]
kHgiAa5fTAcMiDa3OfFiy5cuDxlYTI3PpvxXGRVgM2vw+61Qof47fA==
-----END RSA PRIVATE KEY-----
In order to import a certificate you need a matching public key to your private key.
To generate one use OpenSSL:
openssl rsa -in private.key -pubout -RSAPublicKey_out > public.key
where private.key is your current private key and public.key will be generated.
Your public key should look like this:
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQtss3
[ some garbled text ]
4QFoaUSIUlGI/7ZO/xz2EsbexC0oA7VhUQIDAQAB
-----END RSA PUBLIC KEY-----
Use the below command and paste the contents of your private key, generated public key and the certificate.
sg300(config)#crypto certificate 1 import
Please paste the input now, add a period (.) on a separate line after the input
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQ
[ some garbled text ]
kHgiAa5fTAcMiDa3OfFiy5cuDxlYTI3PpvxXGRVgM2vw+61Qof47fA==
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQtss3
[ some garbled text ]
4QFoaUSIUlGI/7ZO/xz2EsbexC0oA7VhUQIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIIGmDCCBYCgAwIBAgIQcmR+q4ihWi1sTWfLEFH1QjANBgkqhkiG9w0BAQsFADCB
[ some garbled text ]
DXz0omzVFR9ECGcc
-----END CERTIFICATE-----
.
Certificate imported successfully
Issued by :
Valid From: Jul 5 09:42:11 2019 GMT
Valid to: Jul 5 09:42:11 2020 GMT
Subject: C=US, CN=*.example.com
SHA1 Fingerprint: F3897F99 81085F50 08138633 FE678A57 F1AE42D2
sg300(config)#
sg300(config)#ip https certificate 1
sg300(config)#exit
sg300#wr
Overwrite file [startup-config]… (Y/N)[N] ?Y
Copy succeeded
Alternatively you can do the above process via the web UI via ‘Security → SSL Server → SSL Server Authentication Settings’
You can have up to two certificates on the switch.
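A pre-flight check for the procedure in the answer above, as an added example that is not part of the original post: it confirms that the private key matches the new certificate and that the certificate has not expired, then writes the three PEM blocks in the paste order followed by the closing period. The function name and file names are placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: build the paste input for "crypto certificate 1 import".
# Usage: build_import_bundle private.key certificate.pem bundle.txt
# File names are placeholders; the PEM header formats follow the post above.
build_import_bundle() {
    key=$1 cert=$2 out=$3

    # 1. The key must parse as RSA and be internally consistent.
    openssl rsa -in "$key" -check -noout >/dev/null 2>&1 || {
        echo "error: $key is not a valid RSA private key" >&2; return 2; }

    # 2. The certificate must carry the public half of this key; a renewed
    #    certificate issued for a different key fails here.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$key_pub" = "$cert_pub" ] || {
        echo "error: $cert does not match $key" >&2; return 3; }

    # 3. Refuse a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "error: $cert has expired" >&2; return 4; }

    # 4. Emit the blocks in the order shown in the post, then the period.
    #    The subshell keeps the restrictive umask local to this step.
    (
        umask 077   # the bundle contains the private key
        {
            # PKCS#1 private key: "BEGIN RSA PRIVATE KEY"
            openssl pkey -in "$key" -traditional &&
            # PKCS#1 public key: "BEGIN RSA PUBLIC KEY"
            openssl rsa -in "$key" -RSAPublicKey_out 2>/dev/null &&
            # Leaf certificate only, stripped of any surrounding text
            openssl x509 -in "$cert" &&
            echo .
        } > "$out"
    )
}
```

Delete the bundle file once it has been pasted into the switch, since it holds the private key in clear text.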