04-11-2017 03:00 AM
Problem TA profile while enabling ssl on 2530
I am having trouble implementing a CA for the web interfaces on some of my HP switches (firmware YB.16.02.0016, type procurve (or aruba as they are called nowadays?) 2530).
When installing the leaf cert I'm getting the message "Certificate being installed is not signed by the TA certificate." And I can assure you it IS signed by the TA certificate.
What am I missing/doing wrong? Below the step by step actions.
These switches require a TA-profile etc.
So I created a TA profile:
crypto pki ta-profile netwerk
I created an Identity profile:
crypto pki identity-profile Domijn subject
Enter Common Name(CN) : sw1113
Enter Org Unit(OU) : Domijn
Enter Org Name(O) : ITwoon
Enter Locality(L) : Enschede
Enter State(ST) : Overijssel
Enter Country(C) : NL
I am using openssl to create my own CA plus leaf certs.
Loaded my rootcert as TA:
copy tftp ta-certificate netwerk 10.10.1.60 netwerkCA2.crt
00000K Transfer is successful
Created a CSR:
crypto pki create-csr certificate-name sw1113 ta-profile netwerk usage web subject common-name sw1113 key-size 2048
-----BEGIN CERTIFICATE REQUEST-----
MIIBUDCBugIBADARMQ8wDQYDVQQDEwZzdzExMTMwgZ8wDQYJKoZIhvcNAQEBBQADg
........
oWFs5AWt+318e+W48gs7y7q60GBnkZ8dc5YgxLoHFsytih5bpsoWABQQABDZBFEqN
Pt9ahBS+zhSPrzM02ESYPXwmK/LOsVxbqnNPTHjg9LWcHfYQ3Lw51GrmKYuHRlCA=
=
-----END CERTIFICATE REQUEST-----
Creating the leaf cert signed by the root cert with openssl and when installing strange things happen:
crypto pki install-signed-certificate
Paste the certificate here and enter:
-----BEGIN CERTIFICATE-----
MIIEcTCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCTkwx
EzARBgNVBAgTCk92ZXJpanNzZWwxETAPBgNVBAcTCEVuc2NoZWRlMQ8wDQYDVQQK
EwZEb21pam4xDzANBgNVBAsTBklUd29vbjEbMBkGA1UEAxMSbmV0d2VyayBDQTIg
.....................
jzT6hlcVoUVTU1xuaLgVJVPFq6/PmEkF7/ExRr1W6smq40VdodswiPnoqj0w3yxp
r1p6t1hp3rRqv/W1hexk/wSy5Z9e8Du9vCUx7UOfSvSVIkqa8pAkjE8WPrkav//4
+ZBNVVKuh2appFkJWXhAsJv3TOULCXI5DC+AwilwCpu56owAzA==
-----END CERTIFICATE-----
Certificate being installed is not signed by the TA certificate.
And there we are!!
Admittedly, while signing the leaf cert, I enrich the leaf cert with all kinds of stuff:
Alternate names, CDP etc. But that should not be a problem, as far as I know….
To be complete, both certs:
CA:
Leaf:
Any assistance would be very much appreciated.
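An offline check with openssl for the procedure in the post above, added here as an example (not part of the original post and not HPE's code): before a leaf is pasted into the switch, it tests that the leaf verifies against the CA file loaded as the TA certificate, that its issuer matches that CA's subject, and that it carries the public key of the CSR. The CA, CSR and leaf are generated by the script and are constructed; all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example; every file name and subject here is constructed for the demo.

# Throwaway CA plus CSR and leaf. The CSR stands in for the switch's create-csr output.
make_demo_pki() {   # usage: make_demo_pki DIR NAME
    d=$1; n=$2
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=unused\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/$n.cnf"
    openssl req -x509 -config "$d/$n.cnf" -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=demo CA $n" -keyout "$d/$n-ca.key" -out "$d/$n-ca.crt" 2>/dev/null
    openssl req -new -config "$d/$n.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=sw-demo" -keyout "$d/$n-sw.key" -out "$d/$n-sw.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n-sw.csr" -CA "$d/$n-ca.crt" -CAkey "$d/$n-ca.key" \
        -set_serial 1 -sha256 -days 30 -out "$d/$n-sw.crt" 2>/dev/null
}

# 1. Signature: the leaf verifies against the CA file that is loaded as the TA certificate.
signed_by_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# 2. Names: the leaf's issuer DN hashes to the same value as the CA's subject DN.
issuer_matches() {
    h=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    [ -n "$h" ] && [ "$h" = "$(openssl x509 -in "$2" -noout -issuer_hash)" ]
}

# 3. Key: the leaf carries the public key of the CSR, so it was issued for that request.
key_matches_csr() {
    k=$(openssl req -in "$1" -noout -pubkey) || return 1
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Run all three and report the first failure.
preinstall_check() {   # usage: preinstall_check CA.crt SWITCH.csr LEAF.crt
    signed_by_ca "$1" "$3"    || { echo "signature does not verify against CA"; return 1; }
    issuer_matches "$1" "$3"  || { echo "issuer DN differs from CA subject"; return 1; }
    key_matches_csr "$2" "$3" || { echo "public key differs from CSR"; return 1; }
    echo "ok"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_demo_pki "$tmp" a
make_demo_pki "$tmp" b
preinstall_check "$tmp/a-ca.crt" "$tmp/a-sw.csr" "$tmp/a-sw.crt"            # matching set
preinstall_check "$tmp/b-ca.crt" "$tmp/a-sw.csr" "$tmp/a-sw.crt" || true    # wrong CA file
preinstall_check "$tmp/a-ca.crt" "$tmp/b-sw.csr" "$tmp/a-sw.crt" || true    # leaf for another CSR
```

With real files, call preinstall_check with the CA certificate that was copied to the TA profile, the CSR text the switch printed (saved to a file), and the signed leaf.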
07-03-2017 02:02 PM
Re: Problem TA profile while enabling ssl on 2530
It might be best to check with HPE Product Support
MargaretN
02-23-2021 08:22 AM - edited 02-25-2021 08:30 PM