Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides :: error: Failed to encode the certificate request in PKCS-10 format

Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides https://forum.ivorde.com/

error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error https://forum.ivorde.com/error-failed-to-encode-the-certificate-request-in-pkcs-10-format-juniper-srx-pki-error-t19321.html	Page 1 of 1

Author:	mandrei99 [ Fri Dec 12, 2014 10:32 am ]
Post subject:	error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error
error: Failed to encode the certificate request in PKCS-10 format This post is related to another error appearing in Juniper SRX firewalls when certificates are loaded. Please read http://forum.ivorde.ro/error-error-load-certid-test-when-attempting-to-import-signed-certificate-in-juniper-srx-firewall-t19311.html and http://forum.ivorde.ro/pki-how-to-import-openssl-private-key-and-public-certificate-in-juniper-srx-t19301.html before going further. Here, I will generate a private key on the Juniper SRX firewall, then I will overwrite it with one that is generated in a linux system with Openssl. One thing that needs to be known is that private key on the SRX is in DER format, but it has an extra identifying header created when it is generated. Private key generated using openssl does NOT have this header. This is causing issues. 1. Generating the private key on the SRX firewall Code: > request security pki generate-key-pair certificate-id test size 2048 type rsa Generated key pair test, key size 2048 bits 2. Overwriting the private key generated by SRX cli with one generated with openssl and restart PKI daemon (requires root): Code: % mv /var/tmp/test.priv /var/db/certs/common/key-pair/test.priv > restart pki-service PKI service daemon started, pid 50410 3. Attempting to generate a signing request with the private key results in below error: Code: > request security pki generate-certificate-request certificate-id test subject "DC=test,CN=test,OU=test,O=test,L=test,ST=test,C=RO" domain-name test.ivorde.ro error: Failed to encode the certificate request in PKCS-10 format Follow the post refernced at the top to correctly import an externally generated private ssl key into the SRX using the cli.

Page 1 of 1	All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/