Solved: Adding certificate in IOS

AntonioMacia · ‎01-27-2022

Hi,

I need to upload a certificate + private key + root CA certificate into a Cisco IOS for AnyConnect access. I tried using the command crypto pki import my-trustpoint pem terminal password, however the private key I've been given is not password protected so, I get an "unable to decode key" error after pasting it.

Is there any other way to upload the certificate?

Thanks,

Milos_Jovanovic · ‎01-27-2022

Hi @AntonioMacia,

You must combine all three files (private key, certificate, and issuing CA) into one PKCS12 file, and then import that file to Cisco IOS. You can use OpenSSL for combining these files together. Pay attention that Cisco IOS is using Base64 encoded certificate, so you have to format it correctly.

After that, please use crypto pki import my-trustpoint pkcs12 terminal my-password command.

I havent used PEM wariant of this command, but I would assume it is just matter of different certificate formating.

BR,

Milos

View solution in original post

Milos_Jovanovic · ‎01-27-2022

Hi @AntonioMacia,

You must combine all three files (private key, certificate, and issuing CA) into one PKCS12 file, and then import that file to Cisco IOS. You can use OpenSSL for combining these files together. Pay attention that Cisco IOS is using Base64 encoded certificate, so you have to format it correctly.

After that, please use crypto pki import my-trustpoint pkcs12 terminal my-password command.

I havent used PEM wariant of this command, but I would assume it is just matter of different certificate formating.

BR,

Milos

AntonioMacia · ‎01-28-2022

Thanks Milos,

PKCS12 was my second option. I'll let you know as soon as I give it a try.

AntonioMacia · ‎02-02-2022

It works. Thanks.