01-27-2022 10:51 PM
Hi,
I need to upload a certificate + private key + root CA certificate into a Cisco IOS for AnyConnect access. I tried using the command crypto pki import my-trustpoint pem terminal password, however the private key I've been given is not password protected, so I get an "unable to decode key" error after pasting it.
Is there any other way to upload the certificate?
Thanks,
01-27-2022 11:22 PM
Hi @AntonioMacia,
You must combine all three files (private key, certificate, and issuing CA) into one PKCS12 file, and then import that file to Cisco IOS. You can use OpenSSL for combining these files together. Note that Cisco IOS uses a Base64-encoded certificate, so you have to format it correctly.
After that, please use the crypto pki import my-trustpoint pkcs12 terminal my-password command.
I haven't used the PEM variant of this command, but I would assume it is just a matter of different certificate formatting.
BR,
Milos
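The combining step described in the answer above, as an added example that is not part of the original posts: an unencrypted key, the certificate and the issuing CA are bundled into one password-protected PKCS12 file with OpenSSL, Base64-encoded for pasting, and checked by decoding it again. The file names, the P12_PASS variable and the throwaway test CA are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): key + cert + CA -> PKCS12 -> Base64 text.
# File names and P12_PASS are assumptions; the PKI below is constructed test data.
set -eu

# Create a throwaway CA and a server certificate with an UNENCRYPTED key in dir $1.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# build_pkcs12_b64 KEY CERT CA OUT_P12 OUT_B64
# The export password is read from $P12_PASS so it never shows up in the process list.
build_pkcs12_b64() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -passout env:P12_PASS -out "$4"
  chmod 600 "$4"
  # The bundle is binary; the Base64 text is what gets pasted at the terminal.
  openssl base64 -in "$4" -out "$5"
}

# Decode the Base64 text again and count the certificates (cert + CA = 2).
count_certs() {
  openssl base64 -d -in "$1" |
    openssl pkcs12 -nokeys -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Count private keys in the bundle; the key goes through a pipe only, never to disk.
count_keys() {
  openssl base64 -d -in "$1" |
    openssl pkcs12 -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
    grep -c 'BEGIN.*PRIVATE KEY'
}

# Demo run on constructed material in a temporary directory.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
export P12_PASS='constructed-demo-password'
make_test_pki "$work"
build_pkcs12_b64 "$work/server.key" "$work/server.pem" "$work/ca.pem" \
  "$work/bundle.p12" "$work/bundle.b64"
echo "certs=$(count_certs "$work/bundle.b64") keys=$(count_keys "$work/bundle.b64")"
```

The contents of bundle.b64 are what is pasted after the crypto pki import my-trustpoint pkcs12 terminal my-password command from the answer, using the same password that was set at export.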
01-28-2022 03:56 AM
Thanks Milos,
PKCS12 was my second option. I'll let you know as soon as I give it a try.
02-02-2022 10:58 PM
It works. Thanks.
05-31-2023 07:43 AM
Hi @Milos_Jovanovic, greetings!
We have a use case to upload a server certificate + private key + intermediate certificate into IOS.
We tried the pem option with the command crypto pki import <trustpoint name> pem exportable terminal password <password>, creating a CLI session to the device, and it works.
But we face issues when we try to integrate it in Java. We use the SSHJ client and write the same cert+key+intercert content into the output stream, and it fails with the error
Unable to decode key.
% PEM files import failed.
We built the content this way -> intermediate cert content + \n + quit + \n + encrypted pvt key + \n + quit + \n + server cert content + \n + quit.
Request your help on this.
06-07-2023 01:28 PM
Hi @MageshP2,
I'm not usually manipulating txt files, as I'm not confident in proper formatting, which is why I'm using OpenSSL to manipulate these files (combine, split, reformat, etc.).
Kind regards,
Milos