01-30-2019 06:22 AM - edited 07-05-2021 09:46 AM
Hello,
I am trying to Configure SSL for a Cisco Wireless LAN Controller 5508 but when I type the follow command appears error opening input file:
OpenSSL> pkcs12 -export -in All-certs.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123
Loading 'screen' into random state - done
Error opening input file All-certs.pem
All-certs.pem: No error
unable to write 'random state'
error in pkcs12
Any suggests?
Thanks a lot
Solved! Go to Solution.
02-01-2019 01:32 AM
01-30-2019 08:27 AM
Hi,
I used the following command and it worked:
pkcs12 -in file.pfx -out final.pem -passin pass:XXXXXX -passout pass:XXXXXX
-If I helped you somehow, please, rate it as useful.-
01-31-2019 07:39 AM
Finally I can execute the commands:
OpenSSL> pkcs12 -export -in All-certs.pem -inkey mykey.key -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123
Loading 'screen' into random state - done
OpenSSL> pkcs12 -in All-certs.p12 -out final.pem -passin pass:check123 -passout pass:check123
MAC verified OK
But when I try to install the certificate appears error:
TFTP receive complete... Installing Certificate.
*spamApTask7: Jan 30 14:34:36.375: OpenSSL Get Issuer Handles: CSCO user cert not verified by Cisco Roots ...
*TransferTask: Jan 30 14:41:26.945: Add WebAuth Cert: Adding certificate & private key using password check123
*TransferTask: Jan 30 14:41:26.947: Add ID Cert: Adding certificate & private key using password check123
*TransferTask: Jan 30 14:41:26.947: Add Cert to ID Table: Adding certificate (name: bsnSslWebauthCert) to ID table using password check123
*TransferTask: Jan 30 14:41:26.947: Add Cert to ID Table: Decoding PEM-encoded Certificate (verify: YES)
*TransferTask: Jan 30 14:41:26.947: Decode & Verify PEM Cert: Cert/Key Length was 0, so taking string length instead
*TransferTask: Jan 30 14:41:26.947: Decode & Verify PEM Cert: Cert/Key Length 9016 & VERIFY
*TransferTask: Jan 30 14:41:26.956: Decode & Verify PEM Cert: X509 Cert Verification return code: 0
*TransferTask: Jan 30 14:41:26.956: Decode & Verify PEM Cert: X509 Cert Verification result text: unable to get issuer certificate
*TransferTask: Jan 30 14:41:26.956: Decode & Verify PEM Cert: Error in X509 Cert Verification at 2 depth: unable to get issuer certificate
*TransferTask: Jan 30 14:41:26.958: Add Cert to ID Table: Error decoding (verify: YES) PEM certificate
*TransferTask: Jan 30 14:41:26.958: Add ID Cert: Error decoding / adding cert to ID cert table (verifyChain:
01-31-2019 02:18 PM
Send me a message so I can provide you a procedure to install the cert step by step. I do not follow Cisco doc because it is confusing. Openssl is required on your laptop.
02-01-2019 01:32 AM
02-05-2019 11:51 AM
Hello,
The problem was that the Root certificate that came in the chain sent by the certifying entity did not match the public certificate found on the certification authority's page. Once this certificate was corrected and the process was carried out again, it worked correctly.
Thanks a lot to all.
02-07-2019 05:00 PM
Good to know and thanks for update. This makes the forum lot better.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide