Import Certificates

Hi,

I have two problems, both, I think, regarding SSL/TLS somehow.

I have come as far as creating the Trust Points for the respective CAs signing the certificates in question.

1) I want to configure LDAP with SSL connecting to our AD

Still, choosing SSL in the LDAP provider gives me no error message, but fails connecting. (To which TP does it verify? I don't choose any)

2) I want to use (import) an existing wildcard certificate for HTTPS to UCSM.

I have problems figuring out how to do this import.

I create a new key ring and choose the TP which has signed the certificate.

But pasting the private and public keys in the format (private key has no passphrase)

------------------------------------------------------------------

-----BEGIN CERTIFICATE-----

certificate goes here

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

private key goes here

-----END RSA PRIVATE KEY-----

-------------------------------------------------------------------

yields the error message: "Failed to verify certificate with private key"

Should both keys be pasted together like that?

In which format should the private key be? The traditional SSLeay compatible format or the newer PKCS#8 format?

Could you please advise?

Best regards

/Mattias
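
The error quoted in the post says the certificate and private key do not verify against each other. As an added example (not part of the original post, and independent of UCSM), the script below checks outside the appliance whether a PEM certificate and private key carry the same public key, and reports whether an RSA key is in the traditional SSLeay or the PKCS#8 container. The helper names and the throwaway key and certificate are constructed, and the OpenSSL command-line tool is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical; needs the openssl CLI.

# Hash a SubjectPublicKeyInfo PEM read from stdin.
spki_hash() { openssl dgst -sha256 -r | cut -d' ' -f1; }

# Public key carried inside a PEM certificate; fails if the file does not parse.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_hash
}

# Public key derived from an unencrypted PEM private key (either container).
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_hash
}

# Exit 0 only if both files parse and carry the same public key.
cert_matches_key() {
    c=$(cert_pubkey_hash "$1") || return 2
    k=$(key_pubkey_hash "$2") || return 2
    [ "$c" = "$k" ]
}

# Report the PEM container of an RSA private key from its header line.
key_pem_format() {
    case "$(grep -m1 -e '-----BEGIN .*PRIVATE KEY-----' "$1")" in
        *'BEGIN RSA PRIVATE KEY'*)       echo traditional ;;
        *'BEGIN ENCRYPTED PRIVATE KEY'*) echo pkcs8-encrypted ;;
        *'BEGIN PRIVATE KEY'*)           echo pkcs8 ;;
        *)                               echo unknown ;;
    esac
}

# Demo on a throwaway key and self-signed wildcard certificate (constructed).
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
openssl pkey -in "$tmp/key.pem" -traditional -out "$tmp/key-trad.pem"
for f in "$tmp/key.pem" "$tmp/key-trad.pem"; do
    cert_matches_key "$tmp/cert.pem" "$f" && echo "$(key_pem_format "$f"): matches"
done
```

A match here only shows that the two files belong together; it does not show that a given appliance accepts an imported private key.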

Accepted Solutions

Mathew Lewit
Cisco Employee

There was a good thread on setting up LDAP and SSL previously in the forums. I would take a look at this first.

https://supportforums.cisco.com/message/3150609#3150609

HAROLD MEIER
Level 1

On your problem #2: The way I understand what you're trying to do is that you do not want UCSM to generate a certificate request. You want to import an existing private key. I have not seen any documentation to say that is possible, but I'd open a ticket with TAC to be sure.

As for LDAP encryption, try to follow that guide in the previous post. The best way to approach that is in baby steps. Make sure you're still working at each step along the way. First with no encryption, then with a trust point, then with SSL turned on, and make sure you have the ability to log in with a local Admin account if it doesn't work.

Thank you Mathew, that previous posting (which I did not find) did solve my problem.

Best regards

/Mattias

Thank you Harold,

It seems you are right in your assumption that one cannot currently import an existing private key.

(So I will have to make a new request and get it signed by our internal CA)

Best regards

/Mattias
