Impossible to import a 2048-bit RSA private key for a Cisco SG500 SSL certificate
On a Cisco SG500-52 Small Business switch, I generated a new 2048-bit RSA private key and generated a Certificate Signing Request to submit to a certification authority. I received the new certificate from the certification authority and tried to import it into the SG500-52 switch (firmware version 1.2.7.76, boot 1.2.0.12).
It is not possible to paste the text of the certificate into the import box. The import area is limited to fewer characters than the length of a certificate for a 2048-bit key...
Catch-22, anyone? (Or maybe better to say, Catch-2048?)
Is there a solution for this, perhaps in a more recent version of the firmware? Is it possible to use the CLI instead of the web interface?
Thank you
Hi Jay Libove,
You can also try with the CLI. Telnet or SSH to the switch, then
# configure terminal
(config)# crypto certificate <1-2> import
It gives you a prompt
Please copy - paste the entry... etc.
Copy and paste the certificate, and at the end add a period (.).
See if this works. You must have the certificate and the private key, but a copy of the certificate request does not work.
Let me know if I can help you further.
Thank you
Prithvi
-
Your computer has been locked and all your files encrypted with RSA 2048-bit encryption.
My computer has been hit by ransomware (which was reported by Palo Alto Networks on March 4, http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infect es-transmission-bittorrent-client-...)
What should I do to save my files?
And how do I remove the virus permanently?
If you do not have a backup that was not attached while the virus was busy encrypting your data, I think it's too late now.
To be absolutely sure that there is nothing left on the computer, the only way is to start from scratch.
-
Impossible to go from Vista Home Premium 32-bit to Windows 7 Ultimate 32-bit
I ran all the checks before I bought my upgrade from Amazon and should have been able to upgrade. I even added RAM, so I have 3 GB of RAM. I put in the Windows 7 Ultimate disc and it starts, but it just goes to "save temporary files" and stays there. It does not go any further. I have been on the phone twice with Microsoft tech support and did everything they told me; nothing works. They tell me that I have to do a "clean" installation. Why can't Microsoft fix this problem? Now I have to return the upgrade disks and pay $100.00 more for the clean install. What a pain. Any ideas before I return the upgrade version?
Tip: you can do a clean install with the upgrade disk.
1. Disable any security software before attempting to upgrade.
2. Make sure that your computer is updated (devices and applications).
3. Disconnect all external devices before installing.
4. Check your hard disk for errors:
Click Start
Type: CMD; in the results, right-click CMD
Click on "Run as Administrator"
At the command prompt, type: chkdsk /f /r
When you restart your system, your computer will be scanned for errors and will try to correct them.
1. Click on Start, type msconfig in the search box and press ENTER.
User account control permission
If you are prompted for an administrator password or a confirmation, type the password, or click on Continue.
2. In the General tab, click Selective startup.
3. Under Selective startup, clear the Load startup items check box.
4. Click on the Services tab, select the Hide all Microsoft services check box, and then click Disable all.
5. Click on OK.
6. When you are prompted, click on Restart.
7. After the computer starts, check if the problem is resolved.
Also run the Windows 7 Upgrade Advisor:
http://www.Microsoft.com/Windows/Windows-7/Upgrade-Advisor.aspx
-
Private key certificate - an internal error has occurred... Win7
I'm trying to import a private key certificate (.pfx) file into the Personal certificate store of the local computer (Win7). Here's my problem: an internal error has occurred. This can be either because the user profile is not accessible or because the private key that you are importing might require a cryptographic service provider that is not installed on your system. Any idea?
Importing on a Win 2003 box and then exporting worked for me when trying to import a .pfx file on a Windows Server 2008 R2 x64 box. Thanks a lot for the post!
-
InvalidKeyException: unsupported key type: Sun RSA public key, 1024 bits
I'm trying to retrieve certificates from the Microsoft keystore and extract their keys using SunMSCAPI in JDK 1.6. It gives me an invalid key exception when I try to wrap the symmetric key (which was used to perform AES encryption on the data) using the RSA algorithm.
Code snippet:
    // RSA 1024 bits Asymmetric encryption of Symmetric AES key
    // List the certificates from Microsoft KeyStore using SunMSCAPI.
    System.out.println("List of certificates found in Microsoft Personal Keystore:");
    KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
    ks.load(null, null);
    Enumeration en = ks.aliases();
    PublicKey RSAPubKey = null;
    Key RSAPrivKey = null;
    int i = 0;
    while (en.hasMoreElements()) {
        String aliasKey = (String) en.nextElement();
        X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
        String sss = ks.getCertificateAlias(c);
        if (sss.equals("C5151997")) {
            System.out.println("---> alias : " + sss);
            i = i + 1;
            String str = c.toString();
            System.out.println(" Certificate details : " + str);
            RSAPubKey = c.getPublicKey();
            RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()
            Certificate[] chain = ks.getCertificateChain(aliasKey);
        }
    }
    System.out.println("No of certificates found from Personal MS Keystore: " + i);
    // Encrypt the generated Symmetric AES Key using RSA cipher
    Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName());
    rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
    byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
    System.out.println("Encrypted Symmetric Key :" + new String(encryptedSymmKey));
    System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
    // RSA Decryption of Encrypted Symmetric AES key
    rsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
    Key decryptedKey = rsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
Output:
List of certificates found in Microsoft Personal Keystore:
---> alias : C5151997
 Certificate details : [
[
Version: V3
Subject: CN = C5151997, O = SAP - AG, C = OF
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
public exponent: 65537
Validity: [From: Mon Jan 24 18:17:49 IST 2011,
To: Wed Jan 23 18:17:49 IST 2013]
Issuer: CN = SSO_CA, O = SAP - AG, C = OF
Serial number: [4d12c509 eb85 00000005]
Certificate extensions: 6
[1]: ObjectId: 2.5.29.14 criticality = false
[SubjectKeyIdentifier
[KeyIdentifier
0000: 07 E5 83 A1 B2 B7 DF 6 b 4 b 67 1 and 9 D 42 C9 0 D F4... kKg... A.M..
0010: 35 76 D3 F7 5v...
]
]
[2]: ObjectId: 2.5.29.35 criticality = false
[AuthorityKeyIdentifier
[KeyIdentifier
0000: E4 C4 2 93 20 AF DA 4 C 53 68 4A C0 CE E7 F2, 30. .. L.ShJ... 0
0010: 0C 3 B 8 C 9 A. ;.
]
]
[3]: ObjectId: 1.3.6.1.4.1.311.21.7 criticality = false
Unknown extension: coded DER BYTE string =
0000: 04 30 30 2 06 26 2 b 06 01 04 01 82 37 15 08 82.00... & +... 7...
0010: D1 E1 73 E4 84 FE 0B FD 84 8 B 15 83 E5 1B 90 83... s.............
0020: 43 81 62 84 B1 A1 E6 DA 50 14 02 01 64 02 9TH D3... C.b... P...d.
0030: 01 1B...
[4]: ObjectId: 2.5.29.17 criticality = false
[SubjectAlternativeName
RFC822Name: [email protected]
]
[5]: ObjectId: 2.5.29.15 criticality = true
[KeyUsage
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
[6]: ObjectId: 2.5.29.19 criticality = true
BasicConstraints:]
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
]
No of certificates found from Personal MS Keystore: 1
Exception in thread "main" java.security.InvalidKeyException: Unsupported key type: Sun RSA public key, 1024 bits
modulus: 171871587533146191561538456391418351861663300588728159334223437391061141885590024223283480319626015611710315581642512941578588886825766256507714725820048129123720143461110410353346492039350478625370269565346566901446816729164309038944197418238814947654954590754593726047828813400082450341775203029183105860831
public exponent: 65537
at sun.security.mscapi.RSACipher.init(RSACipher.java:176)
at sun.security.mscapi.RSACipher.engineInit(RSACipher.java:129)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.sap.srm.crpto.client.applet.CryptoClass.main(CryptoClass.java:102)
Published by: sabre150 on July 18, 2011 03:47
Added [code] tags to make the code readable.
A little research indicates that the key classes obtained by
    RSAPubKey = c.getPublicKey();
    RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()
are sun.security.rsa.RSAPublicKeyImpl and sun.security.mscapi.RSAPrivateKey. It seems that Cipher objects from the SunMSCAPI provider cannot accept RSA public keys of class sun.security.rsa.RSAPublicKeyImpl and that SunMSCAPI will accept only RSA private keys of class sun.security.mscapi.RSAPrivateKey.
This came up in another form a couple of years ago. It makes sense because wrapping/encryption with a public key does not represent a security problem (there are no secrets in the cryptographic operation), so it can be done outside MSCAPI using any provider that has the capability, BUT unwrapping/decryption must be done with the SunMSCAPI provider, which delegates to MSCAPI.
My working test code, based on your code, implementing this approach is:
    // RSA 1024 bits Asymmetric encryption of Symmetric AES key
    // List the certificates from Microsoft KeyStore using SunMSCAPI.
    System.out.println("List of certificates found in Microsoft Personal Keystore:");
    KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
    ks.load(null, null);
    Enumeration en = ks.aliases();
    PublicKey RSAPubKey = null;
    Key RSAPrivKey = null;
    int i = 0;
    while (en.hasMoreElements()) {
        String aliasKey = (String) en.nextElement();
        X509Certificate c = (X509Certificate) ks.getCertificate(aliasKey);
        String sss = ks.getCertificateAlias(c);
        if (sss.equals("rsa_key")) // The alias for my key - make sure you change it back to your alias
        {
            System.out.println("---> alias : " + sss);
            i = i + 1;
            String str = c.toString();
            System.out.println(" Certificate details : " + str);
            RSAPubKey = c.getPublicKey();
            System.out.println(RSAPubKey.getClass().getName());
            RSAPrivKey = ks.getKey(aliasKey, null); //"mypassword".toCharArray()
            System.out.println(RSAPrivKey.getClass().getName());
            Certificate[] chain = ks.getCertificateChain(aliasKey);
        }
    }
    System.out.println(ks.getProvider().getName());
    System.out.println("No of certificates found from Personal MS Keystore: " + i);
    Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); //, ks.getProvider().getName()); !!!!!!!!!!
    rsaCipher.init(Cipher.WRAP_MODE, RSAPubKey);
    byte[] keyBytes = { 1, 2, 3, 4, 5, 6, 7, 8, 2, 3, 4, 5, 6, 7, 8, 9 };
    SecretKey aeskey = new SecretKeySpec(keyBytes, "AES");
    byte[] encryptedSymmKey = rsaCipher.wrap(aeskey);
    System.out.println("Encrypted Symmetric Key :" + Arrays.toString(encryptedSymmKey));
    System.out.println("Encrypted Symmetric Key Length in Bytes: " + encryptedSymmKey.length);
    // RSA Decryption of Encrypted Symmetric AES key
    Cipher unwrapRsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ks.getProvider().getName()); // !!!!!!!!!!
    unwrapRsaCipher.init(Cipher.UNWRAP_MODE, RSAPrivKey);
    Key decryptedKey = unwrapRsaCipher.unwrap(encryptedSymmKey, "AES", Cipher.SECRET_KEY);
    System.out.println("Decrypted Symmetric Key :" + Arrays.toString(decryptedKey.getEncoded())); // Matches the 'keyBytes' above
-
Off-topic security question: exporting a certificate with the private key
Hello forumers
As the title mentions, if we do PKI, we get involved with certificates.
When I set up a WLC and ACS express unit, where the appliances don't come with a CSR generation function... so we use OpenSSL for it.
To clear my curiosity, why do we need to export the certificate with the private key? Isn't it that the private key cannot be published to the public?
Thank you
Noel
Because the two devices act as a server, and you need to have the private key on the server. However, you do not give the private key to all clients for sure; as you mentioned, you need to provide only the public key to the client, not the private key. The private key should only be stored on the server, and in this case, the two devices are the server.
-
Using keys with 4096-bit RSA encryption
Hello
I would like to use 4096-bit RSA encryption on a BB device (for testing I use a BB 8300 with 4.5.0.52 b75 OS).
Is this possible? I am getting an exception in this code:
    RSAKeyPair sampleKeyPair;
    sampleKeyPair = new RSAKeyPair (new RSACryptoSystem (4096));
Changing 4096 to 2048 solves this exception, but it is not the solution for me.
Thank you.
I answer myself.
After reading "Blackberry Enterprise Solution Security, Technical Overview", I found that I can use the 4096-bit encryption algorithm, but key generation is limited to 2048 bits (probably a performance issue).
So the problem was not with
    new RSACryptoSystem (4096)
but with the RSAKeyPair generation.
I had received an RSA private key from outside, so I need to generate a (at least in the current state of the project I'm working on)
I'm really curious to know if someone knows how to generate a 4096-bit RSA key.
-
ISE error 'private key is unprotected'
I have two ISE PSN nodes that I am importing DigiCert identity certificates on.
On one node it worked as it should, but on the other I get:
"Private key validation failed: the password is invalid or the private key is not protected".
This is a SAN certificate, so the CSR was made in OpenSSL, hence the .csr and .pvk.
To make sure that I had not messed up the password, I generated a new CSR in OpenSSL, and the password is correct.
What is the meaning of 'the private key is not protected'?
What could be wrong with the certificate?
I have checked the certificate in OpenSSL with
    openssl x509 -in ise01digi.crt -noout -text
Thanks
Mikael
Hello
I ran into the same problem with the private key being badly protected.
I solved it by encoding the private key in DER instead of PEM format.
The command would be similar to:
    openssl rsa -in [-passin pass:] -outform DER -des3 -out [-passout pass:]
I encrypted my private key with a password. That's why the -passin/-passout arguments are enclosed in brackets.
And to make sure that I don't get an error again, I also used 3DES encryption on the key.
HTH,
Patrick
-
Private key does not match cert.
Hello
I just bought certificates from a major cert authority for my workspace POC, but when trying to install them in the Configurator, in the SSL part, I get a "private key does not match cert".
I got three files from DigiCert (DigiCertCA.crt - TrustedRoot.crt and mysite.com.crt)
I opened them with Notepad and copied all the content into a text file in the order trustedroot - mysite - digicert. Pasted this into the SSL certificate part and copied the certificate request into the private key part, but it fails with this error.
I also tried downloading the cert as a pem file, but got the same error.
Does anyone know what I'm doing wrong?
See you soon
SEB
Solved.
In fact, I feel really stupid, but who knows, someone else could sit and scratch their head like I did, so as usual it is better to share where it can benefit others and spare some time.
Reading here and there (I really feel like a fool...) I figured out I was entering my CSR where I should enter my private key. But then, where is my private key?
I generated the cert with the DigiCert tool. Filled in all the fields, so I end up with my cert and my CSR... No private key.
To get the key: a bit of research on Google, as usual, and some thinking.
Had to export the certificate with the private key, then used openssl and managed to recover the key.
Export the private key file from the pfx file
    openssl pkcs12 -in filename.pfx -nocerts -out .pem
Export the certificate file from the pfx file
    openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Remove the password from the private key
    openssl rsa -in .pem -out server.pem
Chained all three certs downloaded previously into one. Pasted it into the SSL section. Copied the content of server.pem into the private key part and TaDaaa, it goes green.
See you soon
SEB
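A pre-upload check for the mix-up described in the thread above (a CSR pasted where the private key belongs), as an added example that is not part of the original posts: it classifies a PEM file by its header and compares the public key inside a private key with the one inside a certificate. The helper names, the file names and the CN mysite.example are constructed for the demonstration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread). Helper and file names are constructed.

# Print the kind of object a PEM file holds, judged by its first BEGIN header.
pem_kind() {
  local header
  header=$(grep -m1 -- '-----BEGIN ' "$1") || { echo "not-pem"; return 0; }
  case "$header" in
    *"CERTIFICATE REQUEST"*)   echo "csr" ;;
    *"ENCRYPTED PRIVATE KEY"*) echo "encrypted-private-key" ;;
    *"PRIVATE KEY"*)           echo "private-key" ;;
    *"CERTIFICATE"*)           echo "certificate" ;;
    *"PUBLIC KEY"*)            echo "public-key" ;;
    *)                         echo "unknown" ;;
  esac
}

# Return 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file cannot be parsed.
# Note: "openssl x509" reads only the FIRST certificate in a file, so for a
# concatenated chain run this against the site certificate on its own.
key_matches_cert() {
  local kpub cpub
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Decide whether a (key field, certificate field) pair is worth uploading.
check_upload() {
  local kind
  kind=$(pem_kind "$1")
  if [ "$kind" != "private-key" ]; then
    echo "rejected: key field contains $kind"
    return 0
  fi
  if key_matches_cert "$1" "$2"; then
    echo "ok"
  else
    echo "rejected: private key does not match cert"
  fi
}

# Build constructed sample material: a key, its self-signed certificate,
# a CSR made from the same key, and an unrelated key.
make_demo_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mysite.example" \
    -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
  openssl req -new -key "$1/site.key" -subj "/CN=mysite.example" \
    -out "$1/site.csr" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
check_upload "$demo_dir/site.key"  "$demo_dir/site.crt"   # matching pair
check_upload "$demo_dir/site.csr"  "$demo_dir/site.crt"   # CSR in the key field
check_upload "$demo_dir/other.key" "$demo_dir/site.crt"   # key from another pair
```

The demo leaves its sample files in a temporary directory; delete "$demo_dir" when finished.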
-
"password incorrect provided to decrypt the private key"
The keys that I generate on my Mac are unusable. I always get "incorrect password provided to decrypt the private key". This happens whether or not I generate them with a password.
This is the process I use:
    ssh-keygen -t rsa -N mypassphrase -f my_id
Generate the key pair public/private rsa.
Your identification has been saved in my_id.
Your public key has been saved in my_id.pub.
The fingerprint of the key is: etc etc
Then to check:
    ssh-keygen -y -f my_id.pub
Enter the password: mypassphrase
Loading key 'my_id.pub': incorrect password supplied to decrypt the private key
Anyone have an idea what is wrong? Thank you.
Turns out I had wrong instructions from the admin of the server I tried to connect to. He wanted me to use the .pub file when connecting via ssh. So that is what I tried, to solve the problems. But that is never going to work, because the password is used to decrypt the private key, not the public key. So when I change my test to "ssh-keygen -y -f my_id" it works fine. Should have tried that first. DOH.
-
SSH using the Public & Private Key
Hi all
I have the switch set up for SSH and it works well. I know how to configure SSH on a router using the crypto command. A new requirement has arisen now. My organization has created a key pair - PRIVATE KEY & PUBLIC KEY - common to the company, using some mechanism. The idea is that the PUBLIC KEY will be placed on devices like Unix and Linux servers, so that only the staff who hold the PRIVATE KEY are allowed to access the device. I am trying to add / install / import the PUBLIC KEY into the switch in the same way, but I have no idea how to move forward. Please guide me on how to import the PUBLIC KEY into the switch, so that anyone who has the PRIVATE KEY is allowed to connect to the device.
R.B.KUMAR
This feature is NOT supported on Cisco IOS or ASA. If you want to do something like this, I suggest you look at other vendors such as Nokia/Checkpoint, F5, or Juniper.
-
How do I back up the private key of the ACS SE? I already have the public key certified by a commercial CA and don't want to waste the money spent on purchasing the certificate. The reason I want this is that I'm getting the following error on the console and backup services have stopped.
"Before called API initialized to H:\ismg_israel_acs\Acs\EndPoint\Core\endpoint.cpp:394".
===============
Cisco Secure ACS: 4.1.4.13
The application management software: 4.1.4.13
Base Unit image: 4.1.1.4
CSA build 4.0.1.543.2: (Patch: 4_0_1_543)
==========
CSAdmin - stopped
CSAuth - stopped
CSDbSync - stopped
Case - stop
CSMon - from
CSRadius - from
CSTacacs - shut down
===================
Can I use the backup feature? It also backs up the private key?
Maury,
Unfortunately, there is no way to export just the private key and the certificate so that they can be re-imported into the ACS. There was a feature request to allow the export of private keys and certificates for backup purposes. The bug ID is CSCed14965.
http://www.Cisco.com/cgi-bin/support/Bugtool/onebug.pl?BugID=CSCed14965
However, what you can do is make a backup of the database. This will save the registry, which includes the certificate and the private key. Then you can restore this backup file on a new machine and choose to restore the System Configuration part. This will restore the certificate and the private key in the certificate page of the CSA.
Hope that helps
Kind regards
~ JG
-
Hi all
According to the EMV standard, we need two RSA keys:
(1) Issuer RSA keys (will use 1408 bit)
(2) ICC RSA keys (will use 1152 bit)
Here the issuer's private RSA key is used to calculate the ICC public key certificate. An EMV card contains various tags, such as 8F, 90 (issuer public key certificate), 9F46 (ICC public key certificate), etc., that are used in SDA/DDA.
In fact, I want to calculate all these values (using Java) and perform the SDA/DDA operation for my own understanding.
For this I need clear RSA keys that I'll use for the computation of the tags as well as for the SDA/DDA operation.
EMV also has DGI 8201-8205, which contain the ICC RSA private key in CRT format.
Could anybody tell me how I can get RSA keys that serve my purpose and can be used in the EMV calculation? Thanks in advance.
Hi all
I got the right answer on StackOverflow. You can check it out here. http://StackOverflow.com/questions/31831367/test-RSA-keys-for-EMV-card/31848282?NoRedirect=1#comment51634680_31848282
-
SSH - private key location for ESXi?
After generating RSA SSH keys to allow passwordless SSH from an ESXi5 host to another SSH server, where does the private key file go? The default location is /root/.ssh, which does not exist under ESXi5. Does it go in .ssh? Has anyone implemented this on ESXi5 and found out where the private key used for outbound SSH sessions is stored?
Save them under here
/etc/ssh/keys-root/authorized_keys
-
I bought a security certificate, and the site tells me that it has been installed successfully. I need to export the certificate so that I can create public and private keys, but I can't find the certificate to do so.
Firefox (Firefox Orange) > Options > Options > advanced > Certificates > authorities > export