Using wildcard certificate on dell switches
Hi,
I've been trying to import our wildcard certificate to a Dell N4032F switch, but I keep getting the error
"Error! Cound not import the crypto Certificate" (Using CLI)
or
"Failed to import certificate" (Using HTTPS)
What am I doing wrong? I'm copy-pasting the content of the .crt file.
Hope you can help
Anonymous
5 Practitioner
274.2K Posts
0
September 4th, 2018 12:00
What kind of certificate are you trying to import? Which command are you running to import? What firmware is the switch running?
moxom
21 Posts
0
September 7th, 2018 02:00
Hi Daniel,
For now I'm trying to import it on a Dell N4032F switch.
Firmware version is 6.3.3.9
I've done it either by copy-pasting the certificate using HTTPS, or by issuing the command "crypto certificate 1 import", which tells me to paste the certificate followed by a ".". I have disabled HTTPS before issuing the command.
It's a wildcard x509 certificate:
root@web:/etc/apache2/ssl# openssl x509 -in mydomain.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:21:bc:x5:eb:46:fe:a5:63:e4:25:96
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
        Validity
            Not Before: Feb 12 09:14:49 2018 GMT
            Not After : Feb 13 09:14:49 2020 GMT
        Subject: OU = Domain Control Validated, CN = *.mydomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit
If this isn't the correct cert, which one should I get to get rid of the security warning when using HTTPS to the switches?
Anonymous
5 Practitioner
274.2K Posts
0
September 7th, 2018 07:00
You should be able to use these commands to enable HTTPS and generate a certificate the switch can use.
Here is the KB article: https://dell.to/2oNNCWH
If that doesn't work, could you please include a screenshot of the message you are receiving.
Thanks
moxom
21 Posts
0
September 12th, 2018 02:00
That's what I'm doing already, and it works.
Only problem is that my boss would like to get rid of the certificate warnings due to the self-signed certificate. Therefore, we would like to import our own certificate. Could you please help me do that, or tell me what's required to get it to work?
Thanks in advance
Anonymous
5 Practitioner
274.2K Posts
1
September 12th, 2018 08:00
The command you are using to import is the correct command. Here are some other points to keep in mind.
- The imported certificate must be based on a certificate request created by the crypto certificate request Privileged Exec command.
- If the public key found in the certificate does not match the switch's SSL RSA key, the command fails.
- Certificates are validated on input. The system log will show any encountered certificate errors such as invalid format or if the certificate could not be validated against the switch private key. Invalid certificates are not imported. The signed certificate must contain the switch public key and match the RSA key on the switch and must be in X509 PEM text format.
Here are steps outlined by another community member on what worked for them.
https://dell.to/2p2UG1Y
"generated Key+CSR with OpenSSL in RSA 2048Bit SHA-256. The naming of the key on the switch is sslt_key1.pem and the cert is sslt_cert1.pem. Copy these files to flash:// and they override the existing ones, reload the website and it's working."
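The two conditions listed in this reply (X509 PEM text format, and a public key that matches the RSA key) can be checked offline before an import is attempted. The script below is an added example, not part of the original thread or of Dell's tooling; it uses the standard openssl CLI, and the function names, file names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: does this certificate carry the same public key as the
# private key (or CSR) it is supposed to belong to, and is it PEM text?

# Print the SHA-256 of the public key held in a cert, private key or CSR.
spki_hash() {  # $1 = cert|key|csr, $2 = file
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit codes: 0 match, 1 key mismatch, 2 not PEM text, 3 unreadable input.
check_pair() {  # $1 = certificate, $2 = private key
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || { echo "not PEM: $1"; return 2; }
    c=$(spki_hash cert "$1") || { echo "unreadable certificate: $1"; return 3; }
    k=$(spki_hash key "$2")  || { echo "unreadable key: $2"; return 3; }
    [ "$c" = "$k" ] || { echo "MISMATCH cert=$c key=$k"; return 1; }
    echo "match: $c"
}

# Constructed sample material (throwaway): two RSA-2048 keys, a CSR and a
# self-signed wildcard certificate for key A, and a DER copy of that cert.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
openssl genrsa -out "$demo/a.key" 2048 2>/dev/null
openssl genrsa -out "$demo/b.key" 2048 2>/dev/null
openssl req -new -sha256 -key "$demo/a.key" -subj "/CN=*.example.test" \
    -out "$demo/a.csr" 2>/dev/null
openssl req -new -x509 -sha256 -key "$demo/a.key" -subj "/CN=*.example.test" \
    -days 1 -out "$demo/a.crt" 2>/dev/null
openssl x509 -in "$demo/a.crt" -outform DER -out "$demo/a.der"

check_pair "$demo/a.crt" "$demo/a.key"          # same key pair
check_pair "$demo/a.crt" "$demo/b.key" || true  # certificate issued for another key
check_pair "$demo/a.der" "$demo/a.key" || true  # DER encoding, not PEM text
```

When only the CSR generated on the switch is available and not its private key, compare `spki_hash csr` of that request with `spki_hash cert` of the signed certificate instead.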
lazrtap
3 Posts
0
July 5th, 2019 00:00
Recently I wanted to import a commercial wildcard certificate onto my Dell N3024 switch.
The documentation was not very helpful as it only contains information about generating a self-signed certificate or a certificate request to be signed by a Certificate Authority.
Since I wanted to use a certificate I already have, I had to come up with a way of importing that certificate.
These are the two files (certificate + private key) I've bought:
wildcard.crt
private.key
In order to import them you have to have them on a server or a USB stick and copy them directly onto the switch.
I've used a Linux box in my network with the IP of 192.168.1.7
Both files were stored in /home/username dir:
Connect to the switch and login.
Copy the private key.
Note: The path points to the home directory of the user not the root of the filesystem.
Now copy the certificate:
The last thing you have to do is to enable HTTPS with that certificate:
Now you can connect to https:// and verify if the certificate is properly configured.
You can have up to two certificates installed on the switch.
If you want to add a second one just change the 1 in the sslt_*.pem filenames to 2, i.e.:
austin-t
84 Posts
0
December 8th, 2022 03:00
Use Chrome to examine the cert now assigned to the switches https:// interface