2 Replies Latest reply: Jan 13, 2017 11:34 AM by Mario Eyer RSS

    Problem with Custom certificate installation

    Mario Eyer Newbie

      I have made an update from a Nimble Array CS215 to software version 3.6.1.0-419853-opt.

      With this version, I can create a custom certificate.

      I make the following steps, according to Command Reference version 3:

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Step 1:

      create CSR:

      cert --gen custom-csr --subject '/C=X/ST=X/L=X/O=X/OU=X/CN=FQDN' --dnslist FQDN,DomainName --iplist IPAddress

       

      I make the CN=FQDN, not the Array Name

       

      I make a costum certificate with the csr output.

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Step 2:

      Download CA Certificate from our CA Certificate Server and install it on the nimble with:

       

      Nimble OS $ cert --import custom-ca

      Please enter certificate in PEM format followed by ^D:

      -----BEGIN CERTIFICATE-----

      MIIG...

      ...

      ...

      BhQQ==

      -----END CERTIFICATE-----Nimble OS $

       

      Output from cert --list:

      ...

      custom-ca:  (Pending) /DC=X/DC=X/DC=X/CN=X

      ...

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Step 3:

      Install signed certificate from step 1:

       

      Nimble OS $ cert --import custom

      Please enter certificate in PEM format followed by ^D:

      -----BEGIN CERTIFICATE-----

      MIIHcj...

      ...

      ...9iFRs=

      -----END CERTIFICATE-----ERROR: Keystore(PKCS12) file creation failed: unable to load certificates

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Why I can not install the signed certificate from the csr?