cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1921
Views
5
Helpful
4
Replies
Highlighted
Beginner

ironport certificate key cannot be parsed or found

i uploaded this certification to the  WSA and it returned this error "Key cannot be parsed or found" 

 

i am using a csr generated by the WSA 

 

what could be the issue

4 REPLIES 4
Highlighted
Cisco Employee

Hi,

Are you using Microsoft CA server to signed the CSR that you have downloaded  from WSA?

If yes you can follow the below:

1. Download the CSR from the WSA

2. Open the CSR using Wordpad or another text editor and copy the Certificate Request section (only the section --BEGIN CERITIFICATE REQUEST-- xxxxx --END CERTIFICATE REQUEST--) 
3. Navigate to the MS CA server: https://server/certsrv
4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file"
5. Click Certificate Template and choose Subordinate Certification Authority
6. Paste in your copied CSR
7. Download your CA signed certificate
8. Upload the signed certificate (make sure you use the Signed certificate upload section and not the top section.

 

Tips: We need to Submit > Commit the changes on every step changed on WSA.  In case WSA giving errors such as “Certificate and key do not match”, please review the steps above with customer again.

 

Reference:
Video KB: Steps to enable HTTPS proxy on WSA & Certificate Signing Request (CSR) option.

https://supportforums.cisco.com/video/11933356/steps-enable-https-proxy-wsa-certificate-signing-request-csr-option

 

Also Attached documentation from Microsoft CA perspective.

 

Hope this helps

 

Highlighted

I tried your instructions, but I get the still get the error that the key cannot be parsed.

 

Also, in the pdf you attached, the screenshot shows the HEX part of the CSR being pasted into the request, when in the instructions you say to only copy the part including "-----BEGIN CERTIFICATE REQUEST ---" etc... ?

 

Highlighted

hello guys 

 

I faced this same issue 

once you generate the CSR commit the change 

then follow the instructions given because the appliance might revert back to the previous certificate while you are working one the CA server

this should work 

 

 

  

Highlighted

After creating CSR you have to submit and commit changes and then upload a certificate and it will work.

Content for Community-Ad