
9200L SSL Certificate issue when using Chrome

JianGao456683
Level 1

I managed to install a self-signed SSL certificate on a 9200L (IOS XE 16.11). It appears to work fine in Firefox but not in Chrome. I guess I may have missed something, so I need help. Thank you.

 

Here is what I did to install the certificates for the HTTP server:

1. Created a trustpoint and generated a CSR;

2. Signed the CSR using our Intermediate CA. Generated a host cert and a combined cert;

3. Installed the Intermediate CA cert; (crypto pki authenticate mydomain.trustpoint)

4. Imported the combined cert; (crypto pki import mydomain.trustpoint certificate)

5. Enabled the trustpoint and let it use mydomain.trustpoint.

 

From my workstation (CentOS 7) I tried to access the WebUI via HTTPS; Firefox works just fine. But with Chrome (v70) it still shows "Not secure". I noticed that when I check the certificate, Chrome only shows the host cert in its "Certificates Hierarchy". It does not include the intermediate cert.

 

Here is some related CLI output:

patch-03#show crypto pki trustpoints 
...
Trustpoint 3vg.trustpoint:
    Subject Name: 
    cn=3vG Intermediate CA: 2019-03-20
    ou=IT
    o=mydomain
    l=Vancouver
    st=British Columbia
    c=CA
          Serial Number (hex): 008D1A3A35BD77140135EF62CA2CD07C7F
    Certificate configured.
...




patch-03#show crypto pki certificates       
...
          
Certificate
  Status: Available
  Certificate Serial Number (hex): 406D661C9266D56E9678002854651D4C
  Certificate Usage: General Purpose
  Issuer: 
    cn=3vG Intermediate CA: 2019-03-20
    ou=IT 
    o=mydomain
    l=Vancouver
    st=British Columbia
    c=CA  
  Subject:
    Name: patch-03.van.mydomain.com
    cn=patch-03.van.mydomain.com
    ou=IT 
    o=mydomain
    l=Vancouver
    st=British Columbia
    c=CA  
  Validity Date: 
    start date: 14:20:48 UTC Jun 25 2019
    end   date: 14:20:48 UTC Mar 18 2021
  Associated Trustpoints: 3vg.trustpoint 
  Storage: nvram:3vGIntermedi#1D4C.cer
          
CA Certificate
  Status: Available
  Certificate Serial Number (hex): 008D1A3A35BD77140135EF62CA2CD07C7F
  Certificate Usage: Signature
  Issuer: 
    cn=3vG Root CA: 2019-03-20
    ou=IT 
    o=mydomain
    l=Vancouver
    st=British Columbia
    c=CA  
  Subject: 
    cn=3vG Intermediate CA: 2019-03-20
    ou=IT 
    o=mydomain
    l=Vancouver
    st=British Columbia
    c=CA  
  Validity Date: 
    start date: 10:25:55 UTC Mar 20 2019
    end   date: 10:25:55 UTC Mar 19 2021
  Associated Trustpoints: 3vg.trustpoint 
  Storage: nvram:3vGRootCA201#7C7FCA.cer

...
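
Added example, not part of the original post and not Cisco tooling: a small Python parser for the `show crypto pki certificates` output quoted above that follows issuer-to-subject links from the identity certificate and reports the first issuer the device does not hold. It matches on the `cn=` line only (an assumption; real path building compares full names and signatures), and the sample text is abridged from the post's output.

```python
# Abridged from the post's `show crypto pki certificates` output (cn= lines kept).
SAMPLE = """\
Certificate
  Certificate Serial Number (hex): 406D661C9266D56E9678002854651D4C
  Issuer: 
    cn=3vG Intermediate CA: 2019-03-20
  Subject:
    Name: patch-03.van.mydomain.com
    cn=patch-03.van.mydomain.com
CA Certificate
  Certificate Serial Number (hex): 008D1A3A35BD77140135EF62CA2CD07C7F
  Issuer: 
    cn=3vG Root CA: 2019-03-20
  Subject: 
    cn=3vG Intermediate CA: 2019-03-20
"""

def parse_certs(text):
    """Return one dict per certificate block: kind, issuer CN, subject CN."""
    certs, cur, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Certificate", "CA Certificate"):
            cur = {"kind": line, "issuer": None, "subject": None}
            certs.append(cur)
            field = None
        elif cur is None or not line:
            continue
        elif not raw.startswith("    "):
            # Two-space field header; only Issuer/Subject carry a name below them.
            field = {"Issuer:": "issuer", "Subject:": "subject"}.get(line)
        elif field and line.startswith("cn="):
            cur[field] = line[3:]  # assumption: match on cn= only, not the full DN
    return certs

def chain_report(certs):
    """Follow issuer links from the identity cert; name the first issuer not held."""
    by_subject = {c["subject"]: c for c in certs}
    cur = next(c for c in certs if c["kind"] == "Certificate")
    held = [cur["subject"]]
    while cur["issuer"] != cur["subject"]:  # a self-signed root ends the walk
        nxt = by_subject.get(cur["issuer"])
        if nxt is None or nxt["subject"] in held:
            return {"held": held, "not_on_device": cur["issuer"]}
        held.append(nxt["subject"])
        cur = nxt
    return {"held": held, "not_on_device": None}

if __name__ == "__main__":
    print(chain_report(parse_certs(SAMPLE)))
```

On the post's output this returns the host and intermediate certificates as held and `3vG Root CA: 2019-03-20` as not on the device, which is the certificate a validating client needs in its own trust store.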

 

 

 

 

1 Reply

thall
Level 1

My issue is similar, but it is with an ASA 5516. I went so far as to use OpenSSL on my Mac to create the certificate, and then exported the P12 file for the ASA. Nothing works.
