CBS350 renew wildcard SSL certificate

Simon Weel
Level 1

So it took some effort to import a wildcard SSL certificate into the CBS350. And now the certificate has expired. So I got myself a new wildcard SSL certificate. This certificate is used by multiple systems, like Exchange etc. I noted all steps for importing the certificate into the CBS350. And they don't work. If I select the current active certificate (the expired wildcard certificate) and click Import certificate, copy / paste the new certificate into the field Certificate and click Apply, it displays: SSL can't import certificate - conversion of input to certificate failed. If I click Apply again, without doing anything else, it displays Success? I close the window and the certificate information reads valid from 2024-jun-10 to 2025-jul-11. So this looks OK. Only thing is - it isn't. If I log off and back on, it still lists a certificate error. When I check the certificate, it doesn't list the CA.

I can't find any info on how to renew a certificate on a Cisco device (or I've been searching incorrectly) so how to solve this problem?

1 Accepted Solution

Simon Weel
Level 1

I managed to install a new certificate using the CLI as described in this post: Importing wildcard/custom SSL certificate on Cisco SG300 switch - Networking - Spiceworks Community

 
How to import a custom (either commercial or self-signed) SSL certificate to Cisco SG300 switch

Step 1: Verify your certificate and private key

Your certificate file should look like this:
-----BEGIN CERTIFICATE-----
MIIGmDCCBYCgAwIBAgIQcmR+q4ihWi1sTWfLEFH1QjANBgkqhkiG9w0BAQsFADCB
[ some garbled text ]
DXz0omzVFR9ECGcc
-----END CERTIFICATE-----

Your private key should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQ
[ some garbled text ]
kHgiAa5fTAcMiDa3OfFiy5cuDxlYTI3PpvxXGRVgM2vw+61Qof47fA==
-----END RSA PRIVATE KEY-----

Step 2: Generate public key from private key

In order to import a certificate you need a matching public key to your private key.
To generate one use OpenSSL:
openssl rsa -in private.key -pubout -RSAPublicKey_out > public.key

where private.key is your current private key and public.key will be generated.

Your public key should look like this:
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQtss3
[ some garbled text ]
4QFoaUSIUlGI/7ZO/xz2EsbexC0oA7VhUQIDAQAB
-----END RSA PUBLIC KEY-----

Step 3: Import certificate and keys to the switch

Use the below command and paste the contents of your private key, generated public key and the certificate.

sg300(config)#crypto certificate 1 import
Please paste the input now, add a period (.) on a separate line after the input
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQ
[ some garbled text ]
kHgiAa5fTAcMiDa3OfFiy5cuDxlYTI3PpvxXGRVgM2vw+61Qof47fA==
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArWzkKUGgps1yL2zP+FnSi/VHBwVwVwQhhEasfft7Q8oq2AXQtss3
[ some garbled text ]
4QFoaUSIUlGI/7ZO/xz2EsbexC0oA7VhUQIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIIGmDCCBYCgAwIBAgIQcmR+q4ihWi1sTWfLEFH1QjANBgkqhkiG9w0BAQsFADCB
[ some garbled text ]
DXz0omzVFR9ECGcc
-----END CERTIFICATE-----
.
Certificate imported successfully
Issued by :
Valid From: Jul 5 09:42:11 2019 GMT
Valid to: Jul 5 09:42:11 2020 GMT
Subject: C=US, CN=*.example.com
SHA1 Fingerprint: F3897F99 81085F50 08138633 FE678A57 F1AE42D2

sg300(config)#

Step 4: Enable HTTPS with the uploaded certificate

sg300(config)#ip https certificate 1
sg300(config)#exit
sg300#wr
Overwrite file [startup-config]… (Y/N)[N] ?Y
Copy succeeded

Alternatively you can do the above process via the web UI via ‘Security → SSL Server → SSL Server Authentication Settings’

You can have up to two certificates on the switch.
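
Added example, not part of the original post or of the Spiceworks guide it quotes: a shell helper that checks a renewed certificate against the private key and its expiry date, then prints the private key, RSA public key, certificate and closing period in the order Step 3 pastes them. The function names and the file names private.key and wildcard.crt are placeholders chosen here, and an openssl binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks and paste-block
# assembly for "crypto certificate 1 import". File names are placeholders.

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {            # $1 = private key (PEM), $2 = certificate (PEM)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if the certificate has not expired yet.
cert_not_expired() {            # $1 = certificate (PEM)
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Print the key as "BEGIN RSA PRIVATE KEY" (Step 1 format). OpenSSL 3 needs
# -traditional for that; older builds reject the flag, so fall back without it.
rsa_traditional() {             # $1 = private key (PEM)
    openssl rsa -in "$1" -traditional 2>/dev/null ||
        openssl rsa -in "$1" 2>/dev/null
}

# Emit private key, RSA public key, certificate and the closing period,
# in the order pasted in Step 3. The output contains the private key.
build_import_block() {          # $1 = private key, $2 = certificate
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
    cert_not_expired "$2" || { echo "certificate has expired" >&2; return 1; }
    rsa_traditional "$1" || return 1
    openssl rsa -in "$1" -pubout -RSAPublicKey_out 2>/dev/null || return 1
    openssl x509 -in "$2" || return 1   # first certificate in the file only
    echo .
}

# Usage: sh build_import.sh private.key wildcard.crt
if [ "$#" -eq 2 ]; then build_import_block "$1" "$2"; fi
```

Because the output includes the private key, print it to the terminal for pasting rather than saving it to a shared location.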
