Array Setup and Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with Custom certificate installation

SOLVED
Go to solution
MarioE
Occasional Contributor

Problem with Custom certificate installation

I have made an update from a Nimble Array CS215 to software version 3.6.1.0-419853-opt.

With this version, I can create a custom certificate.

I make the following steps, according to Command Reference version 3:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 1:

create CSR:

cert --gen custom-csr --subject '/C=X/ST=X/L=X/O=X/OU=X/CN=FQDN' --dnslist FQDN,DomainName --iplist IPAddress

I make the CN=FQDN, not the Array Name

I make a costum certificate with the csr output.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 2:

Download CA Certificate from our CA Certificate Server and install it on the nimble with:

Nimble OS $ cert --import custom-ca

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIG...

...

...

BhQQ==

-----END CERTIFICATE-----Nimble OS $

Output from cert --list:

...

custom-ca:  (Pending) /DC=X/DC=X/DC=X/CN=X

...

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 3:

Install signed certificate from step 1:

Nimble OS $ cert --import custom

Please enter certificate in PEM format followed by ^D:

-----BEGIN CERTIFICATE-----

MIIHcj...

...

...9iFRs=

-----END CERTIFICATE-----ERROR: Keystore(PKCS12) file creation failed: unable to load certificates

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Why I can not install the signed certificate from the csr?

5 REPLIES
mblumberg16
Respected Contributor
Solution

Re: Problem with Custom certificate installation

Hi Mario,

Try to add an empty line in step 2:

-----END CERTIFICATE-----Nimble OS $

Should look like this:

-----END CERTIFICATE-----

Nimble OS $

In other words, press enter after your copy paste.

Thanks,

Moshe.

MarioE
Occasional Contributor

Re: Problem with Custom certificate installation

Hi Moshe,

That was the solution.

Many thanks for the the straight tip.

Thanks,

Mario

jliu79
Frequent Advisor

Re: Problem with Custom certificate installation

Hi I already have a signed wildcard SSL that I want to use, but when I tried to import it says no custom CSR file exists. I guess I have to create a CSR. But when I created the CSR then it says CRS mismatch when trying to import the wildcard SSL. Is wild card SSL supported?

mblumberg16
Respected Contributor

Re: Problem with Custom certificate installation

Hi Jason, wild card is not supported with the admin commands as the CSR needs to be validated, this can't be done with a wild card.

menezesj45
Occasional Visitor

Re: Problem with Custom certificate installation

Hello,

are Wildcard certs that include the FQDN as an SNI supported?

I can create copies of our wildcard certs with specific hosts included (from DigiCert), so our cert would effectively include

example.com,

*.example.com,

nimble.example.com

Alternatively, are there plans to add support for wildcards in the future?