String Format DER or PEM certificates

I have installed a 1.2.0.899 EHT. It is only used for Services, the customer require all employees to access the Developer Portal and validated their credentials using LDAPS. No LDAP, no feature of AD EHT. The problem is that to enable LDAPS I must download the root certification authority for ISE, the client does not provide root CA for security reasons (?); They said that the certificate chain should be sufficient. Even the ISE user guide shows the chain of CA or root certificate. Thus, the client downloaded the (Microsoft 2008) PKI certificate chain and give it to me, but it is in .p7b (PKCS #7) format (they said there is no option to select another format). This format is not supported by ISE, so I need to use third-party tools to convert the file (www.sslshopper.com and openssl). It seems that the conversion is successful, but when I try to download on the ISE certificate store always I get the same error: "unable to read certificate file - please be sure that the file is in PEM or DER format.

The questions are:

1. is the file provided by the infrastructure public key to the p7b format always?

2. what should be the way to convert the file into something the ISE can understand?

3. must be the CA certificate root a better option vey?

Even the problems of conversion indicated above, I tried to open and convert the file by using the MMC. I know that the certificate chain has three files, I got the and downloaded to the ISE. Error of Pentecost two of these three files selected on LDAPS security configuration I can run the "Test bind to the server" with success, but whenever the user tries with his own credentials always access is refused with "invalid username or password".

Locking in the ISE log, I found that these messages:

ERROR, 0x2b263618c940, LdapSslConnectionContext::checkCryptoResult (id = 634): error message = SSL alert: code = 0 x 230 = 560; source = local; fatal = type; message = ' unknown CA - error unable to get issuer certificate locally", LdapSslConnectionContext.cpp:226".

ERROR, 0x2b263618c940, LdapConnectionBindingState::onInput (id = 634): bind ended with an error: 117, LdapConnectionStates.cpp:396

631, WARN, 0x2b263618c940, NILE-CONTEXT, Crypto: result = 1, Crypto.SSLConnection.pvClientInfoCB - alert triggered: code = 0 x 230 = 560, where = 0 x 4008 = 16392, source = local, SSLConnection.cpp:2765

WARN, 0x2b263618c940, NILE-CONTEXT, Crypto: result = 102, Crypto.SSLConnection.writeData - failed to write data, SSLConnection.cpp:970

ERROR, 0x2b263618c940, LdapSslConnectionContext::checkCryptoResult (id = 634): result crypto = 102, LdapSslConnectionContext.cpp:202

ERROR, 0x2b263618c940, cntx = 0000005789 user = tmxedscalcan, LdapServer::onAcquireConnectionResponse: impossible to acquire connection, LdapServer.cpp:461

ERROR, 0x2b263436e940, NILE-CONTEXT, [ActiveDirectoryClient::openCdcConnection] failed to open session of CDC due to error 32: ADClient is not running, ActiveDirectoryClient.cpp:1328

ERROR, 0x2b263436e940, NILE-CONTEXT, [ActiveDirectoryClient::connectClient] AD CDC client connection failed!, ActiveDirectoryClient.cpp:117

ERROR, 0x2b263436e940, NILE-CONTEXT ActiveDirectoryIDStore::performConnection - connection client failed, ActiveDirectoryIDStore.cpp:608

I have no idea how much - what they mean.

Someone told me the convertion with mmc on my pc was a mistake and I need to repeat the same process using the administrative tools on a server

I'm really confused and I don't know how to continue a process of troubleshooting.

How will I know that the original file is correct?

How will I know that the conversion is correct?

As the original string includes three certificates, I should upload them to ISE, separately or in a file?

The sponsor political screenshoot is attached. I have two rules with the same conditions an AD (just to test), one for LDAPS por.

I would appreciate your help

Kind regards.

Daniel Escalante

Hello

If you open the .p7b on a Windows machine. (Do not install)

Go to the Certification path and click the root certificate, click view certificate.

Now you have the root certificate.

Click details, and then click on copy to a file. This give you the possibility of exprot the root cert.

Then click, here you can choose to save in Base 64 encoded (DER) that you can import in ISE.

Click next and save it. Then try to import under Server certifiactes to the ISE

You can do this for sub-CA cert in the chain as well.

HTH

Tags: Cisco Security

Similar Questions

  • the entire signed 16-bit string format

    Is there a string of the format specifier 'In String Format', while the result is a string I16?

    My problem is when I use '%d' and the input string is 65535, the result string should be "-1".»

    crossrulz wrote:

    mitulatbati wrote:

    The function entry is a DBL...

    Then use the code of Jeff as an example of what to do.  You have just a double entry instead of a U32, U16.

    In fact, you need two conversions
    What to do with dbl (LabVIEW minute who could bite you one day: Float to int retains sign)

  • string format

    String format allows to insert a string into an existing string?

    Wire your input string for the format of entry instead.

  • String.format unrecognized in the BlackBerry project?

    I'm trying to fill a string but String.format (string, string) is not recognized:

    "The format of the method (String, String) is not defined for the String type.

    Although I use jdk 1.6 and I noticed that, if I open a regular java project this recognized.

    someone at - it be able to use it?

    http://www.BlackBerry.com/developers/docs/4.2api/Java/lang/string.html

    Does not exist. BlackBerry is not regular Java.

  • Developer SQL 4.1.1 connect returns "invalid connection string format.

    The "invalid connection string format" error is returned, while trying to connect, you use sql developer 4.1.1.19, using 1.8.0_51 JDK on Win 7 x 64 environment.

    The powers of the exact same connection, on the same OS Win 7 x 64, a product without any errors using sql developer 4.0.2.15, using the JDK 1.7.0_80

    Credentials were basic, by default, the name of the Service (not SID) and no special authentication.

    This problem is replicated when it is installed on a different platform to Win 7.

    Screen attached.Capture_sqld_4.1.1.jpg

    You say you have no non-alphabetic characters, but see this previous discussion (a hyphen was the problem) and see if any of Jeff's suggestions work for you: connection error after upgrade to 4.1

    I also read another post (non - developer SQL) where a symbol (@) in the password was a problem, but that may not apply to your case.

  • number in format string format

    Hello guys, in a sql I'm trying to convert a number in string format format.

    create table test_cpy (name varchar2 (20), age number (2), number (35)) of salary;

    insert into test_cpy values ('a', 20, 3746583);

    Select name. «, » || age | ',' |' = "' + salary + '" ' of test_cpy;

    The reason for the number of text conversion is because the data in the table will be exported to another file in the csv format and will be viewed in excel sheet and numbers with high value will have exponential value to it and I want to display the number as it is. Is the only one to do this to convert the number to text format.

    To convert the number in string format format, I used the following.

    Select name. ',' || Age | ',' || "=" "+salary+'" ' of test_cpy;

    (the sql above gives me an error-number 01722:invalid ora)

    I tried select name. ',' || Age | ',' || TO_CHAR (salary) of test_cpy;

    but when I finally show the data in excel, I always get the exponential values rather than the actual numbers

    5.03479E + 15

    Can someone help me please how to proceed with this.

    Thank you

    in fact if you follow these steps

    Select name. «, » || age | «, » || '="'|| salary | '"' of test_cpy;"

    the csv file when viewd in excel would display the numbers as text.

  • String formatting of Oracle

    If I do this Select to_char(16910,'$99999.99') I will get a result like this: $16910,00 which is good

    But if I do this Select to_char(16910,'$9999.99) I get a result like this: # I guess because there are only 4 9 and my value is 5 digits.

    I don't know how many digits my value will be so how do you know what is the string format to use so that you don't get results like the second query results?

    Published by: Rich75 on March 12, 2010 12:01 - modified grammar 
      1* Select to_char(16910,'$999,999,999.99') from dual
SQL> /

TO_CHAR(16910,'$
----------------
      $16,910.00

  • [SOLVED] Needing a string formatting module

    Hello!
    Is a feature of string format in Flex that can:
    (1) take advantage of the first letters of the words
    (2) replace special characters with other characters or spaces

    Ex:
    station_name-> Station name

    Please answer if you know it,
    Christo

    I would use regular expressions for this. See the help topic for FB 3:

    Using regular expressions

  • GetDate / date string format time

    Hi all

    I needed some help understand why I can't use %p for A.m. and p.M on my screen of outut. When I run the application, I get time but not indicates am/pm.

    I have attached the image and the VI.

    The 12-hour clock used %I for the time being.

    The correct format string is % I: % h: %p %S

  • string Formata a %f

    Hello

    I'm new to LabVIEW and it is sort of a basic question.

    I am trying to understand a code and I'm supposed to for it change as a result of our application. So here, I've got 'analysis of the chain"and to his Terminal"Format String ". "A %f.

    Now I know what %f is... but I don't understand what 'A' stands for.

    Thanks in advance!

    Netra wrote:

    Hi jcarmody,

    Thank you for such a quick reply!

    So to get say 8 digits and 3 after the comma, I should write "%8 .3f" right?

    Thanks in advance!

    You should probably use "%.3f.  The width is very specific.  So if you're not exactly 8 characters of the number you will not get the correct number.  Don't forget to look in the help section of the syntax of Format specifier.

  • Search and replace the string formatting

    Hello

    I try to do a search and replace the formatting of a string.

    In the example, I'm looking for the string 'SUCCESSFUL', but it must also begin by usbflash and some number + PASSED.

    I can't get the format to have a number between 1 and 99. The number of replacements should add up to 6 in this case. I tried with \d for any number, and I also tried [1-99].

    Make a right-click on the function search and replace the string.  There is an option to use regular Expressions.  Then give it a try.

    EDIT: You need to set the entry replace all to TRUE.

  • Number of a specific string format

    Colleagues Labview users,

    I'm quite familiar with Labview, but for some reason, I can't understand how to do the following:

    I need to format a number (a number) to a string of the form "mmmmee", where m is a number and 'ee' the exponential. For example:

    0.0128 becomes 1280-5

    1654086 becomes 165403

    0.0000006 becomes 0600-9

    etc.

    I would appreciate any advice.

    Thank you!

    Here is a quick sketch. I'm sure that some of the regex wizards will come back with something more simple.

    He needs some work still. For example, if the value is zero or negative, or if the Exhibitor resulting is more than 2 digits, you must also further handling. I am dealing with negative exponents that are more than 1 digit (i.e. 2 digits, including the sign).

  • String of Smartphones blackBerry, invalid certificates after the upgrade to Blackberry Messenger on torch

    I've recently updated my BBM to version 7.0.0.126 by suggestion in Blackberry App World. After the upgrade, I am getting an error on the screen every two minutes. It reads:

    "You are attemptiing to open a secure connection, but the string server certificate is not valid."

    When I click on "View certificate" I get this information:

    X *. VoIP.BlackBerry.com

    Unverifiable Cert Chain

    Status of string stale

    Revocation status: unknown

    Status of trust: trust explicitly

    Expiration date: Saturday, November 9, 2013 18:59:59

    Certification type: X 509

    The public key type: RSA 2048

    Object: CN = *. voip.blackberry.com; OR: IT; O = Research In Motion Limited. L = Waterloo; ST = Ontario; C = CA

    Issuer: CN is Thawte SSL CA.; O = Thawte, Inc.; C = US

    Serial number: 1679 4F1B FB86 F194 CA7C AA89 432 7433 has

    The key usage: Digital Signature; Encryption keys; Server authentication; Client authentication

    Signature algorithm: RSA_PKCS1/SHA1

    SHA1 Thumbprint: 66 4 86AB CF52 9023 C563 C776 813D C9D5 B18D 053D

    MD5 Fingerprint: 933 1 12 2 81 24A 7 E35A B117 48F9 48F9

    I made sure that I got everything updated on my Blackberry. Yet the problem persists. I'm on a package version 6.0 of Blackberry Torch 9800 695 (v6.0.0.246, platform 6.4.0.105). When I click "Software updates" under Options, I get: "your BlackBerry is up-to-date.

    The error message is driving me crazy and sometimes it is even difficult to get any use out of my phone because it appears whenever he wants, without worrying if I type an e-mail, in contact with someone on BBM or navigation.

    How can I get the error message stop popping up?

    Hey Netzimon,

    When you receive this error message is your BlackBerry smartphone connected to a Wi - Fi network, behind a firewall? If so, please see the following article:

    BlackBerry Messenger Voice Chat using a firewall

    http://BTSC.webapps.BlackBerry.com/BTSC/KB33102

    Let me know if it helps.

    Thank you.

  • String format using regular expressions

    Input string output format...

SELECT q'<select ab_c "ABC", efg "EFG" from dual>' str FROM DUAL

Output:

STR                                  
-------------------------------------
select ab_c "ABC", efg "EFG" from dual


Required output format using regular expression...


STR                                  
-------------------------------------
select 'ab_c' "ABC", 'efg' "EFG" from dual

    Regular expressions have many limitations as tools of analysis, and you specify the rules you want. This expression puts quotation marks around a non-empty string before a quoted string:

    SELECT regexp_replace(q'