How to import certificate chain and private key and cert in cisco

MrBeginner
Spotlight

Hi,

I would like to install the certificate chain (root and sub certificate), private key and certificate for the router under one trustpoint to use for VPN. So I combined the private key and certificate into one pfx file.

I installed the certificate chain (root and sub) in my trustpoint using: crypto pki authenticate XXX.

And then I tried to import the cert to the same trustpoint in which the certificate chain was installed.

i got trustpoint insue error.

So let me know how to import the certificate chain and pfx file together in one trustpoint?

Or how to combine the certificate chain, private key and certificate as one pfx?

I would like to use this certificate for VPN. I don't want to generate csr file from cisco router.

 

Accepted Solutions

@MrBeginner try the following:

 

Use OpenSSL to generate a CSR, private key and then create PKCS12 file

  • Type openssl genrsa -out FTD-1.key 2048 to generate a private key
  • Type openssl req -new -key FTD-1.key -out FTD-1.csr to create a CSR file

When prompted enter the Country Name, State or Province Name, Locality Name, Organisation Name, Organization Unit Name and Common Name

 

Get the certificate signed by CA

Import the signed certificate and root cert(s) into a PKCS12 file.

  • Type openssl pkcs12 -export -out FTD-1.pfx -inkey FTD-1.key -in FTD-1.cer -certfile RootCert.cer
  • Define an Export Password when requested

Import the PKCS12 file on the router: crypto pki import <TP NAME> pkcs12


3 Replies

Hi @Rob Ingram 

 

If we have a root cert and a sub cert, do I need to combine them into one cert?

How do I replace RootCert.cer with two certs (root cert and sub cert) in the command below?

 
  • Type openssl pkcs12 -export -out FTD-1.pfx -inkey FTD-1.key -in FTD-1.cer -certfile RootCert.cer

 

@MrBeginner concatenate the intermediate certificate and root certificate into a single file and then import.
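
The concatenation described in the reply above, as an added example that is not part of the original thread: it joins the intermediate and root certificates into one file, checks that the device certificate chains to the root and that the private key matches it, then builds the PKCS12 file. The file name SubCert.cer, the function names, the demo subjects and the password are assumptions, and the small PKI is constructed here only so the script runs offline.

```shell
#!/bin/sh
# Added example: bundle key + device cert + intermediate + root into one PKCS12.
# All names, subjects and the password below are constructed for the demo.

# build_pfx KEY CERT SUBCA ROOT OUT PASSWORD
build_pfx() {
    key=$1; cert=$2; sub=$3; root=$4; out=$5; pass=$6
    chain="${out%.pfx}-chain.pem"
    # Concatenate the intermediate and the root into a single PEM file.
    cat "$sub" "$root" > "$chain" || return 1
    # Refuse to bundle a certificate that does not chain to the root.
    openssl verify -CAfile "$root" -untrusted "$sub" "$cert" >/dev/null 2>&1 || return 2
    # Refuse to bundle a private key that does not match the certificate.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || return 3
    openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
        -certfile "$chain" -passout "pass:$pass" 2>/dev/null || return 4
}

# pfx_cert_count PFX PASSWORD: prints the number of certificates in the bundle
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# make_demo_pki DIR: constructed root CA, sub CA and device certificate (test data only)
make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/RootCert.cer" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Sub CA" \
        -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/sub.csr" -CA "$d/RootCert.cer" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/SubCert.cer" 2>/dev/null &&
    openssl genrsa -out "$d/FTD-1.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/FTD-1.key" -subj "/CN=ftd-1.example.test" -out "$d/FTD-1.csr" &&
    openssl x509 -req -in "$d/FTD-1.csr" -CA "$d/SubCert.cer" -CAkey "$d/sub.key" \
        -CAcreateserial -days 30 -out "$d/FTD-1.cer" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo" &&
build_pfx "$demo/FTD-1.key" "$demo/FTD-1.cer" "$demo/SubCert.cer" "$demo/RootCert.cer" \
    "$demo/FTD-1.pfx" 'Demo-Export-Pass' &&
echo "certificates in FTD-1.pfx: $(pfx_cert_count "$demo/FTD-1.pfx" 'Demo-Export-Pass')"
```

With real files, only build_pfx and pfx_cert_count are needed; a count of 3 means the device certificate, the intermediate and the root are all inside the .pfx.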
