HPE Community
Web and Unmanaged
1831300 Members
3324 Online
110023 Solutions
New Discussion

Cannot configure Custom Certificate on HP Switch 1910

 
LuukDost
Frequent Visitor

‎11-21-2017 11:54 PM

‎11-21-2017 11:54 PM

Cannot configure Custom Certificate on HP Switch 1910

We tried to assign a custom certificate in our HPE 1910-8G-PoE+ (180W) Switch JG350A.  Unfortunately we connot get it to work. The manual is not clear to us, so we hope can find the answer here. When we upload the certificate for the switch in request certificate (offline mode) it's giving us the following error "error root certificate is not trusted" so I would assume that we can upload the public root certificate of our CA somewhere in this switch.

We have looked everywhere in that GUI but cannot find any place where we can upload the public certificate of our Certificate Authority. What are we doing wrong?

0 Kudos
5 REPLIES 5
Dennis Handly
Acclaimed Contributor

‎11-22-2017 02:16 AM

‎11-22-2017 02:16 AM

Re: Cannot configure custom certificate on HPE Switch 1910

Have you tried putting both certs in same file?

0 Kudos
LuukDost
Frequent Visitor

‎11-22-2017 05:35 AM

‎11-22-2017 05:35 AM

Re: Cannot configure custom certificate on HPE Switch 1910

Hi Dennis, Thank you for your reply. This also doesn't work. I will try to explain which steps I took:

1. Destroyed Key in 1910 GUI under PKI -> Certificate
2. Create Key -> 2048 Key Length
3. Request Certificate -> Selected Configured Domain -> Enable Offline mode -> Apply
4. Used CSR information to issue certificate on internal CA with following commando (where xxx.xxx.local is common name of certificate):
certreq -submit -attrib "CertificateTemplate:WebServer\nSAN:dns=xxx.xxx.local"
5. Saved the certificate as xxx.xxx.local.cer
6.Exported the public certificate of internal CA in Base-64 Encoded format
7. Opened the xxx.xxx.local.cer and public certificate of CA both in notepad
8. Combined the content and saved the document as xxx.xxx.local.pfx
9. In 1910 GUI clicked on Retrieve Cert under PKI ->Certificate
10. Selected Configured Domain
11.Selected CA as Certificate type
12. Selected Enable Offline Mode
13.Selected Get File From PC and upladed xxx.xxx.local.pfx
14. Clicked on Apply
I received the following error now:
Certificate verification Failed. Error: CA root certificate is not trustued
15. When I select the Certificate Type Local instead of CA I receive the following error:
No Certificate or No certificate matched with hostkey in the file

0 Kudos
Dennis Handly
Acclaimed Contributor

‎11-22-2017 02:54 PM

‎11-22-2017 02:54 PM

Re: Cannot configure custom certificate on HPE Switch 1910

> Certificate verification Failed. Error: CA root certificate is not trusted

 

Is your CA the root?  Or only an intermediate CA?

In a browser you have to put that CA cert in the right certificate store, trusted.  Do you need to do that for your switch?

What does the header line show for that CA cert?

0 Kudos
LuukDost
Frequent Visitor

‎11-23-2017 02:37 AM

‎11-23-2017 02:37 AM

Re: Cannot configure custom certificate on HPE Switch 1910

The CA is the root indeed, not an intermediate CA. This certificate is in my trusted store and we use it for lot of other internal websites without any problems. And I assume I need to put this public certificate of our CA also in our switch somewhere, but I cannot figure it out how to do that. 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.