Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

mandrei99
Post  Post subject: error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error  |  Posted: Fri Dec 12, 2014 10:32 am
error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error

This post is related to another error appearing in Juniper SRX firewalls when certificates are loaded. Please read
http://forum.ivorde.ro/error-error-load-certid-test-when-attempting-to-import-signed-certificate-in-juniper-srx-firewall-t19311.html and http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html before going further.

Here, I will generate a private key on the Juniper SRX firewall, then I will overwrite it with one that is generated on a Linux system with OpenSSL. One thing that needs to be known is that the private key on the SRX is in DER format, but it has an extra identifying header created when it is generated. A private key generated using OpenSSL does NOT have this header. This is causing issues.

1. Generating the private key on the SRX firewall
Code:
> request security pki generate-key-pair certificate-id test size 2048 type rsa
Generated key pair test, key size 2048 bits


2. Overwriting the private key generated by the SRX CLI with one generated with OpenSSL and restarting the PKI daemon (requires root):
Code:
% mv /var/tmp/test.priv /var/db/certs/common/key-pair/test.priv
> restart pki-service
PKI service daemon started, pid 50410


3. Attempting to generate a signing request with the private key results in the error below:
Code:
> request security pki generate-certificate-request certificate-id test subject "DC=test,CN=test,OU=test,O=test,L=test,ST=test,C=RO" domain-name test.ivorde.ro
error: Failed to encode the certificate request in PKCS-10 format


Follow the post referenced at the top to correctly import an externally generated private SSL key into the SRX using the CLI.
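A pre-flight check for step 2, added here as an example (not from the original post and not Juniper code): it reports whether a key file is PEM, bare DER as OpenSSL writes it, or DER preceded by extra bytes. The post does not describe the SRX header, so the script assumes only that the header sits in front of the DER structure; the sample blobs and header bytes below are constructed placeholders, not real key material.

```python
import sys

def read_sequence(buf, pos):
    """Return (content_length, header_size) for a DER SEQUENCE at pos, else None."""
    if pos + 2 > len(buf) or buf[pos] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = buf[pos + 1]
    if first < 0x80:                                # short-form length
        return first, 2
    n = first & 0x7F                                # long form: n length octets
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n

def classify(buf):
    """Return (kind, offset): 'pem', 'plain-der', 'prefixed-der' or 'unknown'."""
    if buf.lstrip().startswith(b"-----BEGIN"):
        return "pem", 0
    for pos in range(len(buf)):
        seq = read_sequence(buf, pos)
        if seq is None:
            continue
        length, hdr = seq
        # The key structure must run exactly to the end of the file and open
        # with the one-byte version INTEGER that PKCS#1 and PKCS#8 both use.
        ends_at_eof = pos + hdr + length == len(buf)
        if ends_at_eof and buf[pos + hdr:pos + hdr + 2] == b"\x02\x01":
            return ("plain-der" if pos == 0 else "prefixed-der"), pos
    return "unknown", -1

# Constructed samples: a DER-shaped blob (not a real key), alone and behind
# 8 placeholder bytes standing in for a device-specific header (assumption).
BODY = b"\x02\x01\x00" + bytes(297)
PLAIN_SAMPLE = b"\x30\x82" + len(BODY).to_bytes(2, "big") + BODY
PREFIXED_SAMPLE = b"\xAA\xBB\xCC\xDD\x00\x00\x00\x01" + PLAIN_SAMPLE

if __name__ == "__main__":
    if len(sys.argv) > 1:                           # usage: script.py test.priv
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], classify(fh.read()))
    else:
        print("plain sample:   ", classify(PLAIN_SAMPLE))
        print("prefixed sample:", classify(PREFIXED_SAMPLE))
```

A `plain-der` or `pem` result for the file about to be moved into `/var/db/certs/common/key-pair/` means it lacks the leading bytes described above, which is the situation step 3 of the post ends up in.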
