HPE Community
Array Setup and Networking
1828412 Members
3788 Online
109977 Solutions
New Discussion

Problem with Custom certificate installation

 
SOLVED
Go to solution
MarioE
Trusted Contributor

‎01-12-2017 11:52 PM

‎01-12-2017 11:52 PM

Problem with Custom certificate installation

I have made an update from a Nimble Array CS215 to software version 3.6.1.0-419853-opt.

With this version, I can create a custom certificate.

I make the following steps, according to Command Reference version 3:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 1:

create CSR:

cert --gen custom-csr --subject '/C=X/ST=X/L=X/O=X/OU=X/CN=FQDN' --dnslist FQDN,DomainName --iplist IPAddress

I make the CN=FQDN, not the Array Name

I make a costum certificate with the csr output.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 2:

Download CA Certificate from our CA Certificate Server and install it on the nimble with:

Nimble OS $ cert --import custom-ca

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIG...

...

...

BhQQ==

-----END CERTIFICATE-----Nimble OS $

Output from cert --list:

...

custom-ca:  (Pending) /DC=X/DC=X/DC=X/CN=X

...

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 3:

Install signed certificate from step 1:

Nimble OS $ cert --import custom

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIHcj...

...

...9iFRs=

-----END CERTIFICATE-----ERROR: Keystore(PKCS12) file creation failed: unable to load certificates

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Why I can not install the signed certificate from the csr?

Reply
5 REPLIES 5
mblumberg16
Respected Contributor

‎01-13-2017 09:47 AM

‎01-13-2017 09:47 AM

Solution

Re: Problem with Custom certificate installation

Hi Mario,

Try to add an empty line in step 2:

-----END CERTIFICATE-----Nimble OS $

Should look like this:

-----END CERTIFICATE-----

Nimble OS $

In other words, press enter after your copy paste.

Thanks,

Moshe.

0 Kudos
Reply
MarioE
Trusted Contributor

‎01-13-2017 11:34 AM

‎01-13-2017 11:34 AM

Re: Problem with Custom certificate installation

Hi Moshe,

That was the solution.

Many thanks for the the straight tip.

Thanks,

Mario

0 Kudos
Reply
jliu79
Frequent Advisor

‎04-07-2017 06:48 AM

‎04-07-2017 06:48 AM

Re: Problem with Custom certificate installation

Hi I already have a signed wildcard SSL that I want to use, but when I tried to import it says no custom CSR file exists. I guess I have to create a CSR. But when I created the CSR then it says CRS mismatch when trying to import the wildcard SSL. Is wild card SSL supported?

0 Kudos
Reply
mblumberg16
Respected Contributor

‎04-12-2017 03:43 AM

‎04-12-2017 03:43 AM

Re: Problem with Custom certificate installation

Hi Jason, wild card is not supported with the admin commands as the CSR needs to be validated, this can't be done with a wild card.

0 Kudos
Reply
menezesj45
Occasional Visitor

‎04-13-2017 09:13 AM

‎04-13-2017 09:13 AM

Re: Problem with Custom certificate installation

Hello,

are Wildcard certs that include the FQDN as an SNI supported?

I can create copies of our wildcard certs with specific hosts included (from DigiCert), so our cert would effectively include

example.com,

*.example.com,

nimble.example.com

Alternatively, are there plans to add support for wildcards in the future?

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.