Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
283
Views
0
Helpful
1
Replies

Problem manually loading certificate loading vpn spa device certificate on catalyst 6500

gibsonmoses45
Level 1
Level 1

‎07-09-2010 03:04 AM

Dear colleagues,

I wonder if someone out there can point in the right direction.

I have the IPSEC VPN SPA running of a CAT6513 switch and I am wanting to use certificates for authenitication but somehow I can't seem to complete the process successfully:

I have gone through the following steps:

1. crypto key generate rsa general keys

Created my keys with modulus 2048.

2. Create the trust point

crypto ca trustpoint mysite

3. Generate CSR

crypto ca enroll mysite

4.Create my cer from the csr created above.

5. Load the CA root certificate

Loads succesfully

CA loaded

6. Load server certificate(VPN SPA)

crypto ca import mysite certificate

I then get the following error:

Failed to parse or verify imported certificate?

The CA has a modulus of 4096 bits and I used to generate the key for signing with the CA.

Could that cause problems?

Can someone please point out where I might be going wrong?

Thanks and regards,

Gibson Moses

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-09-2010 03:45 AM

Hello there,

Can you please share with us decode of the new certificate?

One thing I was recently dealing with was Signature Algorithm field.

But maybe you can do crypto pki debugs while you apply the cert?

-------

deb cry pki m

deb cry pki t

-----


and do share software version on cat6k.

Not that PKI component is not dependand on VPN SPA.

Marcin

0 Helpful
Customers Also Viewed These Support Documents