Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3163
Views
5
Helpful
4
Replies

ironport certificate key cannot be parsed or found

igbinosuneric
Level 1
Level 1

‎04-28-2015 06:27 AM

i uploaded this certification to the  WSA and it returned this error "Key cannot be parsed or found" 

 

i am using a csr generated by the WSA 

 

what could be the issue

2 people had this problem
Labels:
0 Helpful
4 Replies 4

Handy Putra
Cisco Employee
Cisco Employee

‎05-09-2015 06:32 PM

Hi,

Are you using Microsoft CA server to signed the CSR that you have downloaded  from WSA?

If yes you can follow the below:

1. Download the CSR from the WSA

2. Open the CSR using Wordpad or another text editor and copy the Certificate Request section (only the section --BEGIN CERITIFICATE REQUEST-- xxxxx --END CERTIFICATE REQUEST--) 
3. Navigate to the MS CA server: https://server/certsrv
4. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file"
5. Click Certificate Template and choose Subordinate Certification Authority
6. Paste in your copied CSR
7. Download your CA signed certificate
8. Upload the signed certificate (make sure you use the Signed certificate upload section and not the top section.

 

Tips: We need to Submit > Commit the changes on every step changed on WSA.  In case WSA giving errors such as “Certificate and key do not match”, please review the steps above with customer again.

 

Reference:
Video KB: Steps to enable HTTPS proxy on WSA & Certificate Signing Request (CSR) option.

https://supportforums.cisco.com/video/11933356/steps-enable-https-proxy-wsa-certificate-signing-request-csr-option

 

Also Attached documentation from Microsoft CA perspective.

 

Hope this helps

 

Preview file
508 KB
0 Helpful

ashaw216
Level 1
Level 1
In response to Handy Putra

‎06-30-2015 07:52 AM

I tried your instructions, but I get the still get the error that the key cannot be parsed.

 

Also, in the pdf you attached, the screenshot shows the HEX part of the CSR being pasted into the request, when in the instructions you say to only copy the part including "-----BEGIN CERTIFICATE REQUEST ---" etc... ?

 

0 Helpful

igbinosuneric
Level 1
Level 1
In response to ashaw216

‎09-10-2015 01:32 AM

hello guys 

 

I faced this same issue 

once you generate the CSR commit the change 

then follow the instructions given because the appliance might revert back to the previous certificate while you are working one the CA server

this should work 

 

 

  

Delo Arnautalic
Level 1
Level 1

‎09-10-2015 01:48 AM

After creating CSR you have to submit and commit changes and then upload a certificate and it will work.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents