Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

mandrei99
Post subject: error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error  |  Posted: Fri Dec 12, 2014 10:32 am

error: Failed to encode the certificate request in PKCS-10 format

This post is related to another error appearing in Juniper SRX firewalls when certificates are loaded. Please read
http://forum.ivorde.ro/error-error-load-certid-test-when-attempting-to-import-signed-certificate-in-juniper-srx-firewall-t19311.html and http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html before going further.

Here, I will generate a private key on the Juniper SRX firewall, then I will overwrite it with one that is generated on a Linux system with OpenSSL. One thing that needs to be known is that the private key on the SRX is in DER format, but it has an extra identifying header created when it is generated. A private key generated using OpenSSL does NOT have this header. This is causing issues.

1. Generating the private key on the SRX firewall
Code:
> request security pki generate-key-pair certificate-id test size 2048 type rsa
Generated key pair test, key size 2048 bits


2. Overwriting the private key generated by the SRX CLI with one generated with OpenSSL and restarting the PKI daemon (requires root):
Code:
% mv /var/tmp/test.priv /var/db/certs/common/key-pair/test.priv
> restart pki-service
PKI service daemon started, pid 50410


3. Attempting to generate a signing request with the private key results in the error below:
Code:
> request security pki generate-certificate-request certificate-id test subject "DC=test,CN=test,OU=test,O=test,L=test,ST=test,C=RO" domain-name test.ivorde.ro
error: Failed to encode the certificate request in PKCS-10 format


Follow the post referenced at the top to correctly import an externally generated private SSL key into the SRX using the CLI.
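
A quick way to tell the two kinds of key file apart before copying one into /var/db/certs/common/key-pair/ is shown below. This is an added example, not part of the original post and not Juniper code. It assumes the "extra identifying header" is a run of leading bytes in front of the DER structure; the header's actual layout is not described in the post, so the script only reports whether such leading bytes exist and how many. The function names and the sample data are constructed for illustration.

```python
"""Check whether a private-key file is bare DER or carries leading bytes."""
import sys

def tlv_total_len(buf: bytes, off: int):
    """Return total length (tag+length+value) of the DER TLV at off, or None."""
    if off + 2 > len(buf):
        return None
    first = buf[off + 1]
    if first < 0x80:                      # short form: length fits in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or off + 2 + n > len(buf):
        return None
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def classify_key(buf: bytes):
    """Return ('bare-der', 0), ('prefixed', offset) or ('unknown', None).

    Heuristic: look for the first SEQUENCE whose encoded length runs
    exactly to the end of the file.
    """
    for off in range(len(buf)):
        if buf[off] != 0x30:              # 0x30 = ASN.1 SEQUENCE tag
            continue
        total = tlv_total_len(buf, off)
        if total is not None and off + total == len(buf):
            return ("bare-der", 0) if off == 0 else ("prefixed", off)
    return ("unknown", None)

def make_sample_der():
    """Constructed sample, not a real key: SEQUENCE { INTEGER 0, INTEGER }."""
    body = b"\x02\x01\x00" + b"\x02\x82\x01\x2c" + b"\x01" * 300
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # usage: script.py /var/tmp/test.priv
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], classify_key(fh.read()))
    else:
        sample = make_sample_der()
        print("sample:", classify_key(sample))
        print("sample with 8 constructed leading bytes:",
              classify_key(b"\xAA" * 8 + sample))
```

A result of "bare-der" means the file is in the form OpenSSL writes with -outform DER, which is the form that leads to the PKCS-10 encoding error when it is copied over the SRX key directly. A PEM or truncated file is reported as "unknown".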





All times are UTC - 5 hours [ DST ]