error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error
This post is related to another error that appears on Juniper SRX firewalls when certificates are loaded. Please read
http://forum.ivorde.ro/error-error-load-certid-test-when-attempting-to-import-signed-certificate-in-juniper-srx-firewall-t19311.html and
http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html before going further.
Here, I will generate a private key on the Juniper SRX firewall, then overwrite it with one generated on a Linux system with OpenSSL. One thing to know is that the private key on the SRX is in DER format, but it has an extra identifying header that is created when the key is generated. A private key generated with OpenSSL does NOT have this header, and this causes issues.
1. Generating the private key on the SRX firewall
Code:
> request security pki generate-key-pair certificate-id test size 2048 type rsa
Generated key pair test, key size 2048 bits
2. Overwriting the private key generated by the SRX CLI with one generated with OpenSSL, then restarting the PKI daemon (requires root):
Code:
% mv /var/tmp/test.priv /var/db/certs/common/key-pair/test.priv
> restart pki-service
PKI service daemon started, pid 50410
3. Attempting to generate a signing request with the private key results in the error below:
Code:
> request security pki generate-certificate-request certificate-id test subject "DC=test,CN=test,OU=test,O=test,L=test,ST=test,C=RO" domain-name test.ivorde.ro
error: Failed to encode the certificate request in PKCS-10 format
Follow the post referenced at the top to correctly import an externally generated private SSL key into the SRX using the CLI.
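
A pre-flight check for the mismatch described above, as an added example that is not part of the original post: it reports whether a key file is PEM, bare DER, or DER preceded by extra bytes, so the two kinds of `.priv` file can be told apart before one replaces the other. The post does not give the header's size or contents, so the script assumes only that it is a short prefix and that the DER structure runs to the end of the file; the function names and sample bytes are constructed for illustration and are not real key material.

```python
import re

def der_sequence_span(buf, off=0):
    """Total length (tag + length octets + body) of the DER SEQUENCE at off, or None."""
    if len(buf) - off < 2 or buf[off] != 0x30:      # 0x30 = ASN.1 SEQUENCE tag
        return None
    first = buf[off + 1]
    if first < 0x80:                                # short-form length
        return 2 + first
    n = first & 0x7F                                # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) - off < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def classify_key(data, max_prefix=64):
    """Return (kind, offset): kind is pem, bare-der, prefixed-der or unknown."""
    if re.search(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", data):
        return ("pem", 0)
    if der_sequence_span(data) == len(data):        # file is exactly one SEQUENCE
        return ("bare-der", 0)
    # Assumption: the extra header is a short prefix and the DER runs to EOF.
    for off in range(1, min(max_prefix, len(data))):
        if der_sequence_span(data, off) == len(data) - off:
            return ("prefixed-der", off)
    return ("unknown", 0)

# Constructed samples: a 300-byte dummy SEQUENCE body, not a real key,
# and the same bytes behind a made-up 4-byte prefix (not the real SRX header).
SAMPLE_BARE = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PREFIXED = b"\xaa\xbb\xcc\xdd" + SAMPLE_BARE

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_key(fh.read()))
```

Run it with the key file paths as arguments; a `bare-der` or `pem` result for a file about to be placed in the key-pair directory matches the condition the post describes.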