Application Delivery (ADX)

Reply
Occasional Contributor
Posts: 6
Registered: ‎03-28-2013

Problem occured on generate csr

Dear all,

I currently work on GTC Server Iron 350 and experienced a problem when I want to generate a SSL certificate request.

It said:

SLB-ServerIronGT C-Series#

SLB-ServerIronGT C-Series#ssl gencsr domainkey

You are about to be asked to enter information that will be incorporated into

your certificate request. What you are about to enter is what is called a

Distinguished Name or a DN.

Country name (2 letter code) ID

State or province (full name) Jakarta

Locality name (city)  Jakarta

Organization name (Company name) Telkom Indonesia

Organizational unit name (department) Web Administration

Common name (your domain name) www.telkom.co.id

Email address webadmin@telkom.co.id

SLB-ServerIronGT C-Series#Error : Could not open file domainkey

Anyone could help me about my case, please?

Thanks in advance

Kindest regards,

Kristian SM

Brocadian
Posts: 70
Registered: ‎03-14-2009

Re: Problem occured on generate csr

Kristian,

did you generate the "domainkey" with the command "ssl genrsa" ?

check via rcon with "sh ssl key *"

your "domainkey" is a local key for the CSR generation and is needed.

Occasional Contributor
Posts: 6
Registered: ‎03-28-2013

Re: Problem occured on generate csr

Alexander,

I generated the "domainkey" without the command "ssl genrsa".

1. Do I need to generate it with or without the genrsa?

2. There's no command "sh ssl key" on my GTC Server Iron 350, any suggestion?

Regards.

Brocadian
Posts: 70
Registered: ‎03-14-2009

Re: Problem occured on generate csr


You have to generate the key on the GTC.

The "sh ssl key *" command has to be issued via the rconsole.

Regards

Occasional Contributor
Posts: 6
Registered: ‎03-28-2013

Re: Problem occured on generate csr

Alexander,

Thanks for your kind answer.

I now facing another problem.

I had generated a Base-64-encoded CSR looks like this (I deleted some lines of them):

-----BEGIN CERTIFICATE-----

MIIFaTCCBFGgAwIBAgIDBmiTMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNVBAYTAlVT

MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQLExREb21haW4gVmFsaWRh

dGVkIFNTTDEbMBkGA1UEAxMSR2VvVHJ1c3QgRFYgU1NMIENBMB4XDTEzMDQwNDAz

MzIyM1oXDTEzMDUwNjE0MDA1N1owgcYxKTAnBgNVBAUTIEp0a21MajhxaW1saUk1

Ex53d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMxOTA3BgNVBAsTMERvbWFp

biBDb250cm9sIFZhbGlkYXRlZCAtIEdlb1RydXN0KFIpIFNTTCBUcmlhbDEgMB4G

A4IBDwAwggEKAoIBAQDPHQ5LzYlVx6PFCHPFCd8O9oGTuxsiUsC5IeV9cGpiIDWm

lRlo+yGSj+VVZiG+qznKT1m6V3zUoMQD3MKLlqAMTQUqJ/A4Rx8eEBBx2xY4y7xx

apsg6gQf5aWH352Enmu7roWjGs0N9Y4aLNWSSzcFs3paOAjlx2c9D8d6vnz1bIg4

QPYSJ2ye1JIrgMSevoAjPlujqVKsxzry9DbuglBqvUGp9En2RWN7vS162GQYTmL3

JKf1Zbrx7ps0/Yu7uw5K7Dz1kiJK2yEYAgQP6J1jPzMVL03QpNRaxbEpQDGGKyEN

drDX802imtx6QHM8wpWfUPcNka4og0TatO+MTcLDAgMBAAGjggHCMIIBvjAfBgNV

HSMEGDAWgBSM9NmTCke8AKBKzkt1bqC2sLJ+/DAOBgNVHQ8BAf8EBAMCBaAwHQYD

cmFwYXJhbWl0cmEuY29tghNzZW50cmFwYXJhbWl0cmEuY29tMEEGA1UdHwQ6MDgw

NqA0oDKGMGh0dHA6Ly9ndHNzbGR2LWNybC5nZW90cnVzdC5jb20vY3Jscy9ndHNz

bGR2LmNybDAdBgNVHQ4EFgQUP3oyfoQzQUSXw8iYoDLo6z9mC6owDAYDVR0TAQH/

BAIwADB1BggrBgEFBQcBAQRpMGcwLAYIKwYBBQUHMAGGIGh0dHA6Ly9ndHNzbGR2

LW9jc3AuZ2VvdHJ1c3QuY29tMDcGCCsGAQUFBzAChitodHRwOi8vZ3Rzc2xkdi1h

aWEuZ2VvdHJ1c3QuY29tL2d0c3NsZHYuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4

RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNv

dXJjZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IBAQA3NtPTtbErgKWsEzN9jnlxUrYW

jDvl1d9OarzLUwadp5sgYAw8qtk5fjlIiZJuTiH0H4f+N5E3viAdDuIUjIvmG4E6

i9HGjyd0yKF4whinNhjUwqFvH6i39F5t+UZ9nQUjFhX/CvdZT57T2c05gtk0Hu+a

ru51gBIj5PQ4bFaC9U8wwMeryusx2AP2tttsM/knu3OBfe+SJHwSnG/ClM9aJlH4

GeqJXqrMh1Zz/rP2ArN/5kPrwcRxoxXlTUvV4MhLJNITLNvqQ9l4CV7GPVmRV37K

qefP7cNo/nJ9kmxnv7sLTLdSd5mApTUVlVpMpzoej12LVQAQoaMC+dhS9ZHe

-----END CERTIFICATE-----

But I confuse what I should do next with this encoded CSR, since ServerIron only knows .PEM and .P12 format file.

Do you have any suggestion?

Regards.

Brocadian
Posts: 70
Registered: ‎03-14-2009

Re: Problem occured on generate csr


With CSR you have to generate a Certificate at your CA.

The format of the certificate has to be in the p12 or PEM format.

You can convert formats of the certificate with e.g. openssl.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.