Import an SSL certificate on SG500X

I am trying to use SSL certificates signed by the internal CA on all our SG500X and SG500 switches. The manual is a little vague on the actual import process. I generated the request on the switch without specifying a new key (so I guess it used the default value), presented the request to my CA and downloaded the cert. Because the import option does not allow importing the .cer file, I opened it with a text editor and copied the cert, including the begin and end markers. When I submit it, I get the error: SSL could not import the certificate - conversion of entry to the certificate failed.

Hello Steve,

Here is a step by step guide to import the SSL certificate. I hope this helps.

http://sbkb.Cisco.com/CiscoSB/UKP.aspx?VW=1&docid=49843175a37149768dc4c331a05dce92_Edit_SSL_Server_Authentication_Settings_on_SG500x_Series_Sta.XML&PID=2&respid=0&SNID=3&DISPID=0&cpage=search

Nana


Similar Questions

  • Problem importing SSL certificate in Remote Desktop Gateway

    Hello

    Windows 2008 R2

    Our wildcard SSL certificate (from Go Daddy) expired. I renewed it, went into IIS, created a CSR, applied the CSR, downloaded the IIS version from GoDaddy, completed the CSR in IIS, applied the intermediate certificate, went into MMC and imported the certificate into the local computer store.

    BUT... I have problems with the Remote Desktop Gateway.  I can't import the wildcard cert into it.  I'm in Gateway Manager > Properties > SSL Certificate and take the option "Select an existing certificate". I see the wildcard cert, I select it and click Apply; it flashes away and then Apply is grayed out, so I click OK, but it still says no cert... the status says I need a cert.  So it's like it is not recognizing the cert, or is it the wrong type?

    Thought it could be a matter of authority, so I tried it with several different domain-wide admin IDs.

    I also went through MMC and imported the cert into the Remote Desktop certificates location, but that doesn't seem to have any impact.

    What am I doing wrong?

    Go Daddy suggests cert regeneration, but I don't want to do it again unless I need to.

    Any ideas?

    Thanks in advance!

    After much research, found this https://support.microsoft.com/en-us/kb/959120

    Changed the binding for port 443 and it worked!

  • Authenticate or import the certificate to another vendor

    Hello

    I have to configure the following security scenario:

    On CISCO:

    - Add the certificate of the CA server (CA1) which hosts peer certificates

    - Add the CISCO certificate retrieved from the CA server (A2)

    So I used the following:

    crypto pki trustpoint CA_ROOT
     enrollment terminal
     usage ssl-server
     revocation-check none

    and manually authenticated the certificate of the CA server (A1).

    This is what it looks like:

    AS67129(config)#crypto pki authenticate CA_ROOT
    Enter the base 64 encoded CA certificate.
    End with a blank line or the word "quit" on a line by itself
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    quit
    Trustpoint 'CA_ROOT' is a subordinate CA and holds a non self signed cert
    Certificate has the following attributes:
    Fingerprint MD5: CF5E3F6A 6BD0F348 3612B785 1259241C
    Fingerprint SHA1: 389FE1A7 CF3DD551 3C484EF1 BAC5DD28 1525F43A
    % Do you accept this certificate? [yes/no]: yes
    Trustpoint CA certificate accepted.
    % Certificate successfully imported

    Now I am executing the command:

    crypto pki import CA_ROOT

    What is the difference between authentication and import?

    The result of this import command is that the certificate is not signed by the private key of the CISCO.

    Currently there is no private key on the CISCO.

    Every certificate is generated by the CEP protocol server, which will provide the certificate to the peer host in the IPsec tunnel configuration.

    Thank you

    Renato

    Hi Renato.

    The command crypto pki authenticate CA_ROOT is used to authenticate the certificate authority (CA) (by obtaining the certificate of the certification authority).

    This command is required when you initially configure CA support on your router.

    This command authenticates the CA to your router with the CA certificate that contains the public key of the CA. Because the CA signs its own certificate, you must manually authenticate the public key of the CA by contacting the CA administrator when you enter this command.

    In the following example, the router requests the certificate of the CA.  The CA sends its certificate and the router asks the administrator to verify the certificate of the CA by checking the CA certificate's fingerprint. The CA administrator can also view the fingerprint of the CA certificate, so you should compare what the CA administrator sees with what the router displays on the screen. If the fingerprint on the screen of the router matches the fingerprint read by the CA administrator, you must accept the certificate as being valid.

    Router(config)# crypto pki authenticate myca 


    Certificate has the following attributes: 
    Fingerprint: 0123 4567 89AB CDEF 0123 
    Do you accept this certificate? [yes/no] y# 

    crypto pki import name certificate is used to import the identity certificate on the router.

    Here is the link you can follow

    http://www.Cisco.com/en/us/docs/iOS/Security/command/reference/sec_c5.html#wp1044348

    HTH

    Regards

    Regnier

    Please rate all useful posts

  • How do I configure the iPad2 to synchronize the iPad mail client with Exchange 2010 via ActiveSync using an SSL client certificate and user name and password?

    ActiveSync iPad SSL client certificate

    How do I configure the iPad2 to synchronize the iPad mail client with Exchange 2010 via ActiveSync using an SSL client certificate and user name and password?

    Hi Ewoki,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the TechNet Exchange forum. Please post your question in the TechNet Exchange Server forums.

  • SSL VPN certificate

    Hi all

    I have configured the SSL VPN client and the clientless SSL VPN, but I am not able to connect with the Cisco VPN client software or with a browser because of a certificate problem. Can you please tell me how to create the SSL VPN certificate?

    Thanks and regards

    Rajesh Gowda

    Sign up for a certificate from a public certification authority and use the FQDN to connect to the VPN. Then these warnings should not appear.

  • Could not import the certificate - you can solve it here

    Hi all

    seems that I'm having a similar problem:

    Re: Error - failed to import the certificate - you can fix this here

    My PhoneGap signing keys worked for a few months - now my iOS key says:

    "Error - failed to import the certificate - you can fix this here" when I try to compile the app

    I find this part a bit confusing so please use no baby...

    - I went to https://developer.apple.com/account/ios/certificate/distribution

    and it looks like my prod cert and mobile provisioning profile are both still active

    - I tried to re-download these, which had been saved on my computer when I made them, went back to PhoneGap Build, and it accepted them with my password

    - then I opened the new one I just made, but I have the same problem when I try to build a production application = "error - failed to import the certificate - you can fix that here."

    Q: what should I do to fix this?

    A: remove the certs in my keychain and build everything again from scratch?

    B: should I remove the ACTIVE Apple certs and mobile provisioning profile?

    C: something simpler to solve this problem?

    Thanks in advance - Dave

    Should be fixed now.  It seems that you found a server in our pool that was running builds before it was provisioned.  Sorry for the inconvenience.

  • Error - failed to import the certificate - you can fix this here

    I get this message when I try to create a new build.

    Error - failed to import the certificate - you can fix this here

    I created a new .p12 file, but also a configuration profile. I can't understand why this keep happening. Thanks in advance for any help you can provide.

    This error means that the certificate and the private key in the p12 file don't match. Take a look at this post, which describes in more detail the creation and validation of your p12.

    I have not looked at the certificate yet to see whether it is indeed the expiration date.  Will look at this next...

    Unrelated, and probably your certificate has indeed expired.

  • SSL V3.0 client certificate

    How can I connect to a web service that requires SSL V3.0 client certificates using CFMX?

    I am trying to use a client certificate to connect via CFHTTP to a secure Web site and I'm getting a "403.7 - Forbidden: Client certificate required" error. I have correctly installed the Web site cert by following the instructions here:
    http://www.TalkingTree.com/blog/index.cfm?mode=entry & entry = 25AA75A4 - 45a 6-2844 - 7CA3EECD842D B576

    When I access the secure site using IE, I am asked to use the installed client certificate, and then I'm able to view the secure content without any 403 errors.

    After researching the question, I read in this post that CFMX7.01 does not support the SSL V3.0 protocol:
    http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4 / messageid:229870 / step: 0

    Has anyone used SSL V3.0 client certificates with CFMX7.01? Is it an Adobe or a Java problem? Are there alternatives?

    CFX_HTTP5 worked great!

    I wish just called him 'good '. I asked the question on a popular mailing list and got absolutely no response. I also searched Google for a few hours and did not find anything. CFX_HTTP5 did the job and now I can finish what I started instead of telling my client I found a mission-critical issue that ColdFusionMX couldn't do.

    Thanks again!

  • Problems installing SSL certificates on an RV325

    I'm pretty new to this router interface and I need help installing my external certificates on my RV32x router.

    I created my CSR and provided it to the SSL authority.  Both my web certificate (X.509) and my intermediate CA were provided to me.   The router requires PEM format certs, so I made sure that the format of the certificates followed the anchor text lines (BEGIN CERTIFICATE and END CERTIFICATE).

    No matter what I do: any order, format, combination of keys (X.509 and intermediate CA) - and I went so far as to reissue the certificates and start from the beginning.  I recreated the CSR, had the SSL authority send me new keys and tried the steps again (in case I missed something, missed a step, or SOMETHING...). I even went out to HQ and got another one in case there was a problem there.

    I got errors saying "key Certification is not valid.", "Check the public key for the date and time...", etc.  They all seem like errors that don't relate to the action I'm performing.

    Has anyone had this same experience and found a way through it?   I thought I was pretty knowledgeable in this area, but I'm second-guessing myself!  :)  Any help would be greatly appreciated.   It shouldn't really be this difficult!

    Hi Scott,

    Could you try it by following these steps:

    Before you take these steps, make sure that you have a backup of your original file.

    1. Open ciscorouter.pem with Notepad++ or PSPad.

    2. You will find a private key and three certificates in the file.

    3. Copy the private key and the first certificate, including the begin/end lines.

    -----BEGIN PRIVATE KEY-----
    .
    .
    .
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    .
    .
    .
    -----END CERTIFICATE-----

    4. Paste the content from step 3 into a new file named Cer_plus_private.pem.

    5. Make sure that there are two newlines at the end, then save it. [This is the workaround for this problem.]

    6. Copy the second and the third certificates, including the begin/end lines.

    -----BEGIN CERTIFICATE-----
    .
    .
    .
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    .
    .
    .
    -----END CERTIFICATE-----

    7. Paste the content from step 6 into a new file named CA.pem and save it.

    8. Import CA.pem and Cer_plus_private.pem in RV32x. --> success.

    Kind regards

    Aditya
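
The split described in the reply above, as an added example that is not part of the original post or of Cisco's tooling: it separates a combined PEM export into Cer_plus_private.pem (private key plus first certificate, ending in two newlines) and CA.pem (the remaining certificates), and rejects blocks whose body is not clean base64. The function names and the sample bundle are constructed for illustration, and it assumes the device certificate is the first certificate in the file.

```python
import base64
import os
import re

# One PEM block of any type; the END label must match the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def split_bundle(bundle_text):
    """Return (cert_plus_private, ca_chain) built from a combined PEM export."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(bundle_text):
        label, body = match.group(1), match.group(2)
        # Reject blocks whose body is not clean base64 (editor damage, stray text).
        base64.b64decode("".join(body.split()), validate=True)
        block = match.group(0).replace("\r\n", "\n")
        if label.endswith("PRIVATE KEY"):
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if len(certs) < 2:
        raise ValueError("expected the device certificate plus at least one CA certificate")
    # Steps 3-5: key + first certificate, ending in two newline characters.
    cert_plus_private = keys[0] + "\n" + certs[0] + "\n\n"
    # Steps 6-7: every remaining certificate, in the order found.
    ca_chain = "\n".join(certs[1:]) + "\n"
    return cert_plus_private, ca_chain


def write_upload_files(bundle_text, out_dir):
    """Write Cer_plus_private.pem (created owner-only, it holds the key) and CA.pem."""
    cert_plus_private, ca_chain = split_bundle(bundle_text)
    key_path = os.path.join(out_dir, "Cer_plus_private.pem")
    ca_path = os.path.join(out_dir, "CA.pem")
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(cert_plus_private)
    with open(ca_path, "w", newline="\n") as handle:
        handle.write(ca_chain)
    return key_path, ca_path


def _constructed_block(label, payload):
    # Constructed stand-in: base64 of a text marker, not real key or certificate data.
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


SAMPLE_BUNDLE = (
    _constructed_block("PRIVATE KEY", b"constructed private key placeholder")
    + _constructed_block("CERTIFICATE", b"constructed device certificate")
    + _constructed_block("CERTIFICATE", b"constructed intermediate CA certificate")
    + _constructed_block("CERTIFICATE", b"constructed root CA certificate")
)

if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        for path in write_upload_files(SAMPLE_BUNDLE, tmp):
            print(path, os.path.getsize(path), "bytes")
```
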

  • SSL ID certificates not chaining to CA

    * Any thoughts on whether this should have been posted in a different security thread?

    I tried this piece as well as SSL VPN Remote Access, Understanding PKI, and Cisco ASA 5500 Series chapter 73, Configuring Digital Certificates, but still need help.

    Here's a basic config that I use to create the CA and ID certificates on ASAs. I use the ASA as the CA server. When I export the SSL trustpoint it shows no chaining to the CA. Since there is no chaining, when I load the certification authority in the root store I still have an SSL certificate error.  Instead, I have to load the trustpoint SSL certificate. Please take a look and let me know where my problem is.

    CREATE CA

    crypto ca server
     smtp from-address [email protected]
     lifetime ca-certificate 3650
     lifetime certificate 3650
     lifetime crl 24
     keysize 2048
     keysize server 2048
     no shutdown passphrase 123456789

    CREATE SSL ID TRUSTPOINT

    crypto ca trustpoint Identity_Certificate
     keypair LOCAL-CA-SERVER
     id-usage ssl-ipsec
     no fqdn
     subject-name CN=192.168.40.1,OU=SSL_ANYCONNECT_VPN  <-- This would be my headend
     enrollment self

    REGISTER TRUSTPOINT

    crypto ca enroll Identity_Certificate

    answer NO to include the serial number of the device

    DEFINE TRUSTPOINT VPN ON THE EXTERNAL INTERFACE

    ssl trust-point Identity_Certificate outside

    Initially, I thought it was a problem with enrollment self in the trustpoint, but I can't seem to figure out the steps to complete enrollment terminal.

    I ran crypto ca enroll Identity_Certificate and it displays the certificate request. At that point sh crypto ca trustpoint Identity_Certificate shows it is waiting for enrollment. I can't find the command for the CA that grants the trustpoint enrollment. If I try crypto ca export Identity_Certificate identity-certificate it says the trustpoint is not enrolled. Of course, if I take the enrollment request and try crypto ca import Identity_Certificate certificate, it fails because it is not a cert.

    Triton

    Triton,

    This is the right forum, and what you are seeing is normal. The local certification authority is not designed to generate an identity certificate for the ASA itself.  The ASA will have its own identity/SSL certificate, which can be either self-signed (as you do with enrollment self - in this case you must import the self-signed cert on clients to avoid certificate warnings) or a certificate issued by a trusted third party (for example Verisign, Globalsign, etc.).

    HTH

    Herbert

  • Workstation SSL certificate

    VMware Workstation installs an SSL certificate with:

    Subject: C = US / L = Palo Alto/OU = VMware/CN = VMware/[email protected]


    This translates into several findings in ACAS (Nessus) related to "SSL Certificate Cannot Be Trusted", "SSL Certificate with Wrong Hostname", and "SSL Self-Signed Certificate".

    What is the certificate?  How is it generated?  Can I replace it with a 'real' certificate signed by a trusted CA?

    This is a pretty important issue for anyone who uses Workstation at a DoD level... in the coming months, all these findings must be remediated or have a POA&M (Plan of Action and Milestones) to fix.  The best solution would be to replace it with a certificate signed by a DoD CA.  Probably second-best would be to delete it if there is no basic functionality that depends on it.  But just ignoring it isn't going to be acceptable.

    Hello

    Welcome to the communities.

    Please go through the link below and share your output.

    http://pubs.VMware.com/workstation-10/index.jsp?topic=%2Fcom.VMware.ws.using.doc%2FGUID-F93E6851-951C-4FF6-BFE0-2A05E89B3E7A.html

  • Adding SSL certificate exception in Firefox 4

    I recently installed Firefox 4 beta 11 and now can't access some Web pages provided by my University that use SSL encryption.

    The error message I get (in a pop-up box) is:

    evasys.urz.uni-halle.de uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.

    (Error code: sec_error_unknown_issuer)

    It has been a known issue that somehow Firefox does not handle the issuer of the certificate chain correctly (this is what the IT department says) and the solution so far was to add an exception for this site in Firefox 3.x.x

    That would be fine for me in Firefox 4, too, but I can't find a way to add this exception. As soon as I dismiss the error message box by clicking 'OK' nothing happens; no "This Connection is Untrusted" page (http://support.mozilla.com/en-US/kb/This%20connection%20is%20untrusted#w_certificates-and-identification) opens, nor anything equivalent.

    Thanks in advance for any help.

    Nothing has changed about adding exceptions in Firefox 4 AFAIK.

    If you cannot add an exception but get a pop-up with the error message, you can check the pref browser.xul.error_pages.enabled on the about:config page and make sure that the value is set to true (the default).

    You can retrieve the certificate and check who issued the certificate.

    • Click on the link at the bottom of the error page: "I Understand the Risks".

    • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

    • Click on the "View..." button to inspect the certificate and check who the issuer is.

    • Only leave the check mark in the box at the bottom to "Permanently store this exception" if you trust this certificate.

    • Click on "Confirm Security Exception" to enter the site if you still want to go to this site.

  • Cisco RV082 SSL certificate conflict for ActiveSync

    I have a Cisco RV082 sitting in front of my Exchange server. I have port forwarding for 443 to my Exchange server.

    My ActiveSync (iPhone, Droid) users get a connection error when HTTPS is enabled on the Firewall tab. Using the MS connection tester, it appears that the ActiveSync connection picks up the Cisco cert installed on the RV082 and not the cert I have on the Exchange server.

    If I turn off HTTPS then it all works.

    That would be fine except that I seem to need HTTPS enabled for my VPN connection to work.

    Help!

    I have seen this issue on RV0xx V3 devices. The devices are built with more security, but the device will always answer SSL certificate requests itself and not forward the request even if the port forward is enabled. Even when the port being forwarded is not 443, the router will always respond with its own SSL certificate. If you experience this kind of configuration problem and you do not need remote management, SSL VPN, or secure LAN management, please disable HTTPS under the firewall settings. If you need these settings, please call in and create a case. The more cases we create for this issue, the sooner the problem gets noticed and solved. There is no bug filed at this time for this problem, as far as I know. Please call the Small Business Support Center at 1-866-606-1866. If the technician you speak with is not aware of the problem, please have them talk with me.

    Thank you

    Cisco Small Business Support Center

    Randy Manthey

    CCNA, CCNA Security

  • Renew SSL certificates on ASA

    I tried to renew this SSL certificate, but now the key size must be at least 2048; the current size is 1024.

    I changed the key to 2048 by using this command: "ASA(config)# crypto key generate rsa label ciscoca modulus 2048"

    I generated the CSR using "ASA(config)# crypto ca enroll ciscoca".

    When I test my CSR, it fails and shows that I still have a key size of 1024.

    Any idea why it does not take the new key size?

    Hello Saleh

    After generating the key pair, you must associate it with a trustpoint. Then you will need to enroll with the RA/CA.

    You're missing the step in the middle. Please visit the following link:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808b3cff.shtml#Step2

    Please rate if useful.

    Regards

    Farrukh

  • Placement of SSL VPN certificates on workstations

    If you use certificates for two-factor authentication: which certificates (root CA, SSL cert (web page), user authentication cert (identity)) did you place, and in which store, Machine or User account? Then, under this account, which folder do you place them in: Trusted Root, root, user, or trusted intermediaries folders?

    If there is any chance you could provide a link to a Cisco doc, that would be useful.

    Triton

    The doc below covers CEP enrollment with the AnyConnect client and provides a few screenshots of the default certificate locations on a Microsoft client.  Depending on your deployment needs, you can influence which specific certificate store is accessed by configuring an AnyConnect XML profile.

    http://www.Cisco.com/en/us/customer/products/ps6120/products_configuration_example09186a0080b25dc1.shtml

    Todd
