[b]error: Failed to encode the certificate request in PKCS-10 format[/b]
This post is related to another error appearing in Juniper SRX firewalls when certificates are loaded. Please read [url]http://forum.ivorde.ro/error-error-load-certid-test-when-attempting-to-import-signed-certificate-in-juniper-srx-firewall-t19311.html[/url] and [url]http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html[/url] before going further.
Here, I will generate a private key on the Juniper SRX firewall, then overwrite it with one generated on a Linux system with OpenSSL. One thing to know is that the private key on the SRX is in DER format, but it has an extra identifying header created when it is generated. A private key generated using OpenSSL does NOT have this header. This is causing issues.
1. Generating the private key on the SRX firewall
[code]
> request security pki generate-key-pair certificate-id test size 2048 type rsa
Generated key pair test, key size 2048 bits
[/code]
2. Overwriting the private key generated by the SRX CLI with one generated with OpenSSL and restarting the PKI daemon (requires root):
[code]
% mv /var/tmp/test.priv /var/db/certs/common/key-pair/test.priv
> restart pki-service
PKI service daemon started, pid 50410
[/code]
3. Attempting to generate a signing request with the private key results in the error below:
[code]
> request security pki generate-certificate-request certificate-id test subject "DC=test,CN=test,OU=test,O=test,L=test,ST=test,C=RO" domain-name test.ivorde.ro
error: Failed to encode the certificate request in PKCS-10 format
[/code]
Follow the post referenced at the top to correctly import an externally generated private SSL key into the SRX using the CLI.
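One way to check a key file before it is moved into /var/db/certs/common/key-pair/: is it bare DER, as OpenSSL writes it, or does it have extra bytes in front of the DER structure? This is an added example, not part of the original post or of any Juniper tooling. It assumes the header is a prefix ahead of the ASN.1 SEQUENCE; the function names, the sample blob and the placeholder header bytes are constructed for illustration.

```python
# Added example (not from the original post): tell a bare DER private key
# from one that carries extra bytes in front of the DER structure.
# Assumption: a vendor header, if present, is a prefix before the ASN.1 SEQUENCE.

def der_sequence_span(buf, off):
    """Return (header_len, total_len) of a DER SEQUENCE at buf[off], else None."""
    if off + 2 > len(buf) or buf[off] != 0x30:        # 0x30 = SEQUENCE tag
        return None
    first = buf[off + 1]
    if first < 0x80:                                  # short-form length
        return 2, 2 + first
    n = first & 0x7F                                  # long form: n length octets
    if n == 0 or n > 4 or off + 2 + n > len(buf):
        return None
    body = int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if body < 0x80 or buf[off + 2] == 0:              # DER requires minimal length
        return None
    return 2 + n, 2 + n + body


def classify_key_blob(buf, max_prefix=64):
    """Return ("bare-der", 0), ("prefixed-der", prefix_len) or ("unknown", None)."""
    for off in range(min(max_prefix, len(buf)) + 1):
        span = der_sequence_span(buf, off)
        if span is None:
            continue
        hdr, total = span
        # The SEQUENCE must run exactly to end of file. Two-prime PKCS#1 RSA
        # keys and PKCS#8 v1 keys both start with INTEGER 0 (bytes 02 01 00).
        if off + total == len(buf) and buf[off + hdr:off + hdr + 3] == b"\x02\x01\x00":
            return ("bare-der", 0) if off == 0 else ("prefixed-der", off)
    return ("unknown", None)


def sample_der():
    """Constructed stand-in with the outer shape of a DER key (not a real key)."""
    inner = b"\x02\x01\x00" + b"\x04\x82\x01\x2c" + bytes(300)
    return b"\x30\x82" + len(inner).to_bytes(2, "big") + inner


# Constructed placeholder prefix; the real SRX header bytes are not on this page.
PLACEHOLDER_HEADER = b"HDR-PLACEHOLDER\x00"

if __name__ == "__main__":
    print(classify_key_blob(sample_der()))
    print(classify_key_blob(PLACEHOLDER_HEADER + sample_der()))
```

To use it on a real file, pass `open(path, "rb").read()` to `classify_key_blob`; a PEM file has to be converted to DER first.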