12-13-2021 12:44 PM
I'm getting the below error after loading my commoncert.cer to CMS when I run a "PKI inspect". I posted a question earlier, but it is at almost 100 views with no answer. I wonder if I'm asking the wrong thing. Attempting to set up CMS. We have three servers: CMS1, 2, and 3. I created the commoncert.csr on CMS 1. Submitted to my authority for signing. Received them back. Attempting to upload back to CMS with required bundles but lost.
"Checking ssh public keys...not found
Checking user configured certificates and keys...found
File contains a PEM encoded certificate"
11-10-2025 10:42 AM - edited 11-10-2025 11:32 AM
Hi dear @oquindle.bennett
I had the same issue — normalizing the PEM format fixed it.
CMS is very strict about certificate header/footer structure.
You can read these instructions to fix your issue:
It looks like your certificate is in PEM format but not properly normalized,
so Cisco Meeting Server (CMS) can’t fully parse it when you run pki inspect.
CMS is very strict about certificate formatting — it only accepts clean PEM or DER files with standard headers.
Here’s what you should check and do:
#1. Confirm the format. The file must begin and end exactly like this:
-----BEGIN CERTIFICATE-----
(Base64 content, no spaces)
-----END CERTIFICATE-----
If those headers or line breaks are missing or inconsistent, CMS won’t recognize the file correctly.
#2. Remove any extra characters or BOM.
Open the file in a plain-text editor (like vi, nano, or Notepad++) and make sure there are no blank lines, spaces, or hidden BOM characters before the “BEGIN CERTIFICATE”.
#3. Convert or normalize the certificate (if needed).
If you suspect corruption or mixed format:
Use OpenSSL to re‑export a clean PEM:
openssl x509 -in commoncert.cer -out commoncert-normalized.pem
Then upload and inspect this normalized file on CMS:
pki inspect commoncert-normalized.pem
#4. If this is the signed certificate for your CSR: Make sure you import it with the matching private key name you used when generating the CSR (for example, callbridge or webadmin):
pki import cert callbridge /tmp/commoncert-normalized.pem
The certificate’s public key must match the private key stored on CMS, otherwise TLS setup will fail.
#5. If your CA provided a certificate chain: Combine all CA and intermediate certificates into a single file (each block has its own BEGIN/END lines):
-----BEGIN CERTIFICATE-----
(Server cert)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root)
-----END CERTIFICATE-----
Then import that chain:
pki import chain chain.pem
After those steps, pki inspect should show Subject, Issuer, and Validity details — confirming the CMS now recognizes it properly.
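The structural checks from steps 1 to 3 of the reply above (BOM, content before the header, line endings, spaces in the Base64 body) can be run offline before uploading. This is an added example, not part of the original reply and not Cisco code; `normalize_pem` and `messy_sample` are hypothetical names, and the sample bytes are a constructed placeholder rather than a real certificate. It checks PEM structure only, not the signature, chain order or key match.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)

# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)


def messy_sample() -> bytes:
    """Constructed input: BOM, blank first line, CRLF, 76-column lines, trailing spaces."""
    b64 = base64.b64encode(SAMPLE_DER).decode()
    body = [b64[i:i + 76] + "  " for i in range(0, len(b64), 76)]
    return b"\xef\xbb\xbf\r\n" + "\r\n".join([BEGIN, *body, END]).encode()


def normalize_pem(raw: bytes) -> tuple[str, list[str]]:
    """Return (clean PEM text, problems found); raise ValueError if unrecoverable."""
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM at start of file")
        raw = raw[3:]
    if b"\r" in raw:
        problems.append("CR/CRLF line endings")
    text = raw.decode("ascii", errors="replace").replace("\r\n", "\n").replace("\r", "\n")
    blocks = list(BLOCK.finditer(text))
    if not blocks:
        raise ValueError("no BEGIN/END CERTIFICATE pair (DER file or wrong label?)")
    if blocks[0].start() > 0:
        problems.append("blank line or other content before first header")
    out = []
    for n, m in enumerate(blocks, 1):
        if any(ln != ln.strip() for ln in m.group(1).split("\n")):
            problems.append(f"block {n}: spaces around Base64 lines")
        # validate=True rejects any non-Base64 character instead of skipping it
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        if not der.startswith(b"\x30"):
            raise ValueError(f"block {n}: payload is not a DER SEQUENCE")
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("\n".join([BEGIN, *lines, END]) + "\n")
    return "".join(out), problems


if __name__ == "__main__":
    clean, found = normalize_pem(messy_sample())
    print("\n".join(found))
    print(clean, end="")
```

A file that raises `ValueError` here is likely DER or carries a different label, which is the case the `openssl x509` re-export in step 3 addresses.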