Controllerless Networks

 View Only
last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Error uploading certificate to IAP

This thread has been viewed 108 times

  • 1.  Error uploading certificate to IAP

    Posted Jul 18, 2019 01:13 PM

    I'm getting an error when trying to upload a pem file created using the directions in this article - https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025.

     

    The error I get when I attempt to upload is "cert_upload_error_in_rsa_key_validation_-_-14_txt".  I have tried the process outlined in the article above multiple time thinking I must be doing something wrong.  I've scoured the internet for this error message and get no results.  Does anyone know what my problem might be?

     

    Thanks in advance!

     

    Nathan



  • 2.  RE: Error uploading certificate to IAP

    EMPLOYEE
    Posted Jul 22, 2019 06:34 AM

    Do you have your key encrypted like in the referred document? Could it be that the passphrase is incorrect? Or that the key and the certificate don't match up?

     

    If there is someone you trust to share the file with that you try to upload, it's probably a logical reason. With just the error, it is hard to solve.

     

    Your Aruba partner, or Aruba support should be able to help you to assist with this.

     

     



  • 3.  RE: Error uploading certificate to IAP

    Posted Jul 22, 2019 07:50 AM

    Thanks for your response.  I've tried the private key both encrypted and unencrypted.   I tested the cert and private key to make sure they match using openssl and they do match.

     

    There are a number of articles that outline how to do this and they all seem to contradict themselves in one way or another.  If I had to guess, I think my problem is the formatting of the file I'm trying to upload.  I've tried to put the certificates in the pem file in different orders to no avail.  Can you tell me the proper order to place the certs (Public, Intermediate, Root, Private Key?) and does if have to have the .pem extension or can it be .crt?  I've tried .pfx format and that didn't work. 

     

    I just read that I only need the public cert and private key also but haven't tried that.  Do you know if this is true? 

     

    Thanks again for any help!



  • 4.  RE: Error uploading certificate to IAP

    EMPLOYEE
    Posted Jul 22, 2019 12:13 PM

    What I do is:

     

    -----BEGIN PRIVATE KEY-----
Private key here; I assume it can be a the end as well, I prefer to stick it here. It can be encrypted or unencrypted, if encrypted the passphrase should match
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Server certificate here, issued by intermediate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate 1 certificate here, issued by the root CA
-----END CERTIFICATE-----

    You should not need to include the root CA, it should not really hurt or prevent the certificate from loading. What possibly does prevent the certificate from loading can be any additional text in between the ---END-- and ---BEGIN--- lines. When you export with openssl, it can put additional certificate information in text. Remove all that additional stuff.

     

    If you have additional intermediates, put them in order from the server cert (intermediate that issued the server cert first after the sever cert) to the root (intermediate issued by the CA root as last).



  • 5.  RE: Error uploading certificate to IAP

    Posted Aug 05, 2019 01:27 PM

    Hello nboothe, 

    i m running in the same issue, did you solve that problem ? 

     

    regards,

    thanks

     



  • 6.  RE: Error uploading certificate to IAP

    Posted Aug 06, 2019 03:47 PM

    I have not.  Did you get your certificate from GoDaddy?  I'm not sure what the problem is.  I inherited this wireless network so I'm beginning to think there is something else wrong that is causing this.  I've tried everything I can think of.  If you figure it out I'd appreciate knowing what you did.  I'll do the same if I figure it out.



  • 7.  RE: Error uploading certificate to IAP

    EMPLOYEE
    Posted Aug 12, 2019 05:28 AM

    The issue appeared to be a formatting issue in the import file. Some generic recommendations if you get import errors:

     

    - line-ends in the import file should be either DOS (CR+LF) or UNIX (LF). If you create the file on a UNIX system or MAC, or in Notepad on Windows, that should be good. With Notepad++ on Windows, you can select the line-ends.

    - When you receive certificates, sometimes there is a header that describes the certificate. Make sure that your import file has only the certificates itself as I showed above:

    -----BEGIN RSA PRIVATE KEY-----
MII.......
    <Private key here; I assume it can be a the end as well, I prefer to stick it here. It can be encrypted or unencrypted, if encrypted the passphrase should match>
    ............BJD1DnCs2W
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVT
    <Server certificate here, issued by intermediate 1>
qm5vjLyb4lddJIGvl5echK1srDdMZvNhkREg5L4wn3qkKQmw4TRfZHcYQFHfjDCm
    rw==
    -----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
    EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
    EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
    <Intermediate 1 certificate here, issued by the root CA>
    GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
    LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
-----END CERTIFICATE-----

    Remove everything that is in front of the BEGIN or after the END lines of the initial file so you only keep like the example above with END and BEGIN lines head-to-head without anything in between.



  • 8.  RE: Error uploading certificate to IAP

    Posted Sep 17, 2021 09:21 PM
    I just had the same issue.  I tried everything Herman mentioned and it still didn't work. I converted from PEM format to DER and it finally uploaded fine.  Hope this helps someone...

    ------------------------------
    Ken Beck
    ------------------------------

    Original Message


  • 9.  RE: Error uploading certificate to IAP

    Posted Jan 24, 2022 02:46 PM
    Hello! I am having this same issue. I see that you said that you converted to DER, but how did you have your upload file configured? Did you have your CA and private key combined in the same file as Herman suggested?

    ------------------------------
    Brad Carico
    ------------------------------

    Original Message


  • 10.  RE: Error uploading certificate to IAP

    Posted Feb 28, 2022 03:42 PM
    Hi

    I guess you solved this by now :)

    * Upload the CA cert first.
    * You cannot for example have the webUI cert and key in the same file if using a binary format DER  (ASN.1). To upload cert and key together you have to use PEM, i.e base64 encoded text.
    * If I remember it right, the IAP accepts CA certs in both DER and PEM.
    * If you have PEM and use a shitty editor and did some copying that adds garbage to the base64 file the cert will be corrupt and not accepted.

    ------------------------------
    Per-Olov Sj�holm
    ------------------------------

    Original Message