02-03-2014 04:30 PM
I just closed a case with TAC that took a couple of weeks to dial in. Thought I'd throw this out there in case anyone else runs into the same issue as me.
IAP 225 using InCommon for a ServerAuth certificate for the Employee SSID. No certificate I downloaded from InCommon was in a format the IAP would accept. It would say it uploaded correctly but never updated in the certificate window. Types of certs InCommon supports are X509(base64),PKCS#7(bin),PKCS#7(Base64),X509(cert only base64), X509 inter/root only base64, and X509 inter/root only Reverse base64.
Since 6.3 stops supporting .pfx certificates, I had to perform a 2 step cert conversion. I downloaded the X509 base64 and converted it to a .pfx with my private key to get the chain complete. I then converted from .pfx to .pem to get it in the format the IAP would support.
Hope that helps though I'd like to ask if anyone knows a way to convert straight to pem by "injecting" the private key such as one can do with the pfx? I haven't found anything online yet.