Solved: Problem with Custom certificate installation

MarioE · ‎01-12-2017

I have made an update from a Nimble Array CS215 to software version 3.6.1.0-419853-opt.

With this version, I can create a custom certificate.

I make the following steps, according to Command Reference version 3:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 1:

create CSR:

cert --gen custom-csr --subject '/C=X/ST=X/L=X/O=X/OU=X/CN=FQDN' --dnslist FQDN,DomainName --iplist IPAddress

I make the CN=FQDN, not the Array Name

I make a costum certificate with the csr output.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 2:

Download CA Certificate from our CA Certificate Server and install it on the nimble with:

Nimble OS $ cert --import custom-ca

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIG...

...

BhQQ==

-----END CERTIFICATE-----Nimble OS $

Output from cert --list:

...

custom-ca: (Pending) /DC=X/DC=X/DC=X/CN=X

...

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 3:

Install signed certificate from step 1:

Nimble OS $ cert --import custom

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIHcj...

...

...9iFRs=

-----END CERTIFICATE-----ERROR: Keystore(PKCS12) file creation failed: unable to load certificates

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Why I can not install the signed certificate from the csr?

mblumberg16 · ‎01-13-2017

Hi Mario,

Try to add an empty line in step 2:

-----END CERTIFICATE-----Nimble OS $

Should look like this:

-----END CERTIFICATE-----

Nimble OS $

In other words, press enter after your copy paste.

Thanks,

Moshe.

MarioE · ‎01-13-2017

Hi Moshe,

That was the solution.

Many thanks for the the straight tip.

Thanks,

Mario

jliu79 · ‎04-07-2017

Hi I already have a signed wildcard SSL that I want to use, but when I tried to import it says no custom CSR file exists. I guess I have to create a CSR. But when I created the CSR then it says CRS mismatch when trying to import the wildcard SSL. Is wild card SSL supported?

mblumberg16 · ‎04-12-2017

Hi Jason, wild card is not supported with the admin commands as the CSR needs to be validated, this can't be done with a wild card.

menezesj45 · ‎04-13-2017

Hello,

are Wildcard certs that include the FQDN as an SNI supported?

I can create copies of our wildcard certs with specific hosts included (from DigiCert), so our cert would effectively include

example.com,

*.example.com,

nimble.example.com

Alternatively, are there plans to add support for wildcards in the future?

Problem with Custom certificate installation

Problem with Custom certificate installation

Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Re: Problem with Custom certificate installation

Hewlett Packard Enterprise International