Adding certificate in IOS

AntonioMacia
Level 1

Hi,

 

I need to upload a certificate + private key + root CA certificate into a Cisco IOS for AnyConnect access. I tried using the command crypto pki import my-trustpoint pem terminal password, however the private key I've been given is not password protected, so I get an "unable to decode key" error after pasting it.

Is there any other way to upload the certificate?

 

Thanks,

Accepted Solution

Milos_Jovanovic
VIP Alumni

Hi @AntonioMacia,

You must combine all three files (private key, certificate, and issuing CA) into one PKCS12 file, and then import that file to Cisco IOS. You can use OpenSSL for combining these files together. Pay attention that Cisco IOS uses Base64-encoded certificates, so you have to format it correctly.

After that, please use the crypto pki import my-trustpoint pkcs12 terminal my-password command.

I haven't used the PEM variant of this command, but I would assume it is just a matter of different certificate formatting.

BR,

Milos
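
The combine-and-encode step described in the answer above, as an added example that is not part of the original posts: it builds the PKCS12 file with OpenSSL, Base64-encodes it, and checks that the result opens with the chosen password. All file names, subject names and the password are constructed placeholders, and the throwaway CA exists only so the script has sample input.

```shell
#!/bin/sh
# Added example. File names, subject names and passwords are constructed placeholders.

# Constructed sample input: a throwaway CA and a server key/cert signed by it.
make_sample_pki() {  # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.pem" \
        -subj "/CN=Example Test CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$1/server.key" -out "$1/server.csr" \
        -subj "/CN=vpn.example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/server.pem" -days 1 2>/dev/null
}

# Bundle key + certificate + issuing CA into PKCS#12, then Base64-encode it.
# $1 = private key, $2 = certificate, $3 = CA certificate (all PEM),
# $4 = export password, $5 = output prefix (writes $5.p12 and $5.b64)
build_p12_b64() {
    # Refuse to bundle a key that does not belong to the certificate.
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl sha256)
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate" >&2; return 1; }
    # Password goes through the environment, not argv, so it stays out of the
    # process argument list.
    P12_PASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -passout env:P12_PASS -out "$5.p12" || return 1
    openssl base64 -in "$5.p12" -out "$5.b64"
}

# Round-trip check: decode the Base64 text and open it with the password.
# -noout suppresses key/cert output; exit status reflects MAC verification.
verify_p12_b64() {  # $1 = Base64 file, $2 = password
    openssl base64 -d -in "$1" |
        P12_PASS="$2" openssl pkcs12 -noout -passin env:P12_PASS 2>/dev/null
}

# Demo: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample_pki "$d" &&
    build_p12_b64 "$d/server.key" "$d/server.pem" "$d/ca.pem" 'Constructed-Pass1' "$d/bundle" &&
    verify_p12_b64 "$d/bundle.b64" 'Constructed-Pass1' && cat "$d/bundle.b64"
    rm -rf "$d"
fi
```

The .b64 file is the Base64 text to paste after the pkcs12 terminal import command given in the answer; delete the intermediate .p12 and the unencrypted key once the import has succeeded.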

Thanks Milos,

 

PKCS12 was my second option. I'll let you know as soon as I give it a try.

MageshP2
Level 1

Hi @Milos_Jovanovic, greetings!

We have a use case to upload a server certificate + private key + intermediate certificate into IOS.

We tried the pem option with the command crypto pki import <trustpoint name> pem exportable terminal password <password>, creating a CLI session to the device, and it works.

But we face issues when we try to integrate this in Java. We use the SSHJ client and we write the same cert+key+intercert content into the output stream, and it fails with the error

Unable to decode key.
% PEM files import failed.

We built the content this way -> intermediate cert content + \n + quit + \n + encrypted pvt key + \n + quit + \n + server cert content + \n + quit.

Request your help on this.

 

Hi @MageshP2,

I'm not usually manipulating txt files, as I'm not confident in proper formatting, which is why I'm using OpenSSL to manipulate these files (combine, split, reformat, etc.).

Kind regards,

Milos