Non résolu
1 Rookie
•
3 messages
0
10
S3148 : Add a CA certificate
Hi,
I m trying to up a CA certificate but it does not works.
S3148#crypto ca-cert install tftp://10.0.x.xx/CAcert.pem Loading CA certificate PEM-formatted file... % Error: CA Certificate file operation error.
I don't know what's happen.
Can you help me?
Thanks.
Regards.
DELL-Chris H
Moderator
Moderator
•
8.8K messages
0
24 juin 2024 20:11
PseudoAuHasard,
To start, would you verify if you are doing this from within Global Configuration Mode? Also, would you confirm that your CA follows the guidelines laid out on page 1047 here?
Let me know what you see and if this helps.
PseudoAuHasard
1 Rookie
1 Rookie
•
3 messages
0
25 juin 2024 07:17
Hello,
Thank you for your answer.
Yes i m in global configuration mode (no conf term). I m using completion to be sure to use good syntax.
I don't know if my certificate follows guideline because i tried on a S4112F-ON and on a S4128F-ON with this command :
This is my own CA.
In guideline :
The system checks if “CA:TRUE” is specified in the certificate’s extensions section and the keyCertSign bit (bit 5)
is set in the KeyUsage bit string extension. If these extensions are not set, the system does not install the certificate.
This is OK for my certificate.
I don't know what is happening. I can upload this CAcert in procurve and aruba switches.
Thanks for help.
Regards.
DELL-Marco B
Moderator
Moderator
•
3.5K messages
0
25 juin 2024 14:48
Hello,
some information about certificate online here
Troubleshooting Certificate Chain Issues Required for OpenManage Enterprise Migration | Dell US
Also which OS version of the switch?
Thanks
PseudoAuHasard
1 Rookie
1 Rookie
•
3 messages
0
25 juin 2024 15:19
Hello,
For S3148 :
I do not have problem with certificate chain but directly with our CA wich cannot be uploaded. I will check your link but unfortunately i don't think it will help.
Thanks to you. Regards.
DELL-Chris H
Moderator
Moderator
•
8.8K messages
0
25 juin 2024 16:44
In my opinion it looks like you're doing everything correctly so i am not sure why it isn't working beyond it being the CA itself causing the issue.