Solved: Re: I'm pretty sure it's in the

keithsauer507 · ‎08-17-2017

Hello, I'm curious where you install the certificate for the S300V 10.5.1-296 so you can administer the device in firefox without a certificate error.

We have a working S170 on 10.1.1, but the Network > Certificate Management page has an additional "Appliance Certificates" section on the new virtual WSA running 10.5.1. I generated a request, submitted it to our domain CA, converted it to PEM format with OpenSSL and installed it. It appears recognized, however even after a virtual appliance reboot, firefox claims the site is not trusted. Firefox still shows the certificate is issued to CN Cisco Appliance Demo Certificate.

What am I missing?

I tried to just import the settings from our S170 on 10.1.1, but get this:

Configuration File was not loaded. Parse Error on element "https_certificate" line number 162 column 22: Error in certificate validation: Certificates signature verification failed.

So I had to go to line 162 and remove the https_certificate section in order to get the settings to apply. I have no idea why.

Oddly, or Domain root cert is applied in the HTTPS proxy section, so the cert data starting on line 162 on the config xml file was not that one.

Ken Stieers · ‎08-17-2017

I'm pretty sure it's in the CLI

Certconfig is the command that's coming to mind.

View solution in original post

Ken Stieers · ‎08-17-2017

I'm pretty sure it's in the CLI

Certconfig is the command that's coming to mind.

keithsauer507 · ‎08-22-2017

Yes I was able to get the cert loaded via the web gui, but I had to activate (choose it) via SSH connection (CLI). Even once this was done and committed, the certificate did not actually change until I rebooted the virtual appliance.

Where do you install the certificate to on S300V 10.5.1-296