Welcome, Guest
Guest Settings
Help

APC Discussion Forums » Power, Racks, Cooling, Cabling & Software » InfraStruXure Central

 
Reply to this Thread Reply to this Thread Search Forum Search Forum Back to Thread List Back to Thread List

Permlink Replies: 5 - Pages: 1 - Last Post: Jul 30, 2010 5:16 PM Last Post By: aliasnexus0 Threads: [ Previous | Next ]
aliasnexus0

Posts: 3
Registered: 7/30/10
ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 12:16 PM
Click to report abuse...   Click to reply to this thread Reply
Our organization currently uses wildcard certificates from DigiCert, and I have created one for our ISX Central box. However, the certificate never takes when it is applied to the Server Access pane. I receive the following error when applying the certificate:

Unable to configure RSA server private key
SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Now that appears to be a fairly easy error to fix, but without shell access how am I suppose to fix that? Does ISX even accept wildcard certificates? Is there a particular SSL certificate format that needs to be fed to ISX, or will it take an apache formatted certificate?

Thanks.
mtroha

Posts: 397
Registered: 8/20/07
Re: ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 12:29 PM   in response to: aliasnexus0 in response to: aliasnexus0
Click to report abuse...   Click to reply to this thread Reply
You can contact APC Support at 877-908-2688 and they can assist you with manually importing that certificate. The next version of ISX Central should support importing third party certs in the manner you are currently attempting, but currently its a manual process that must be done by APC.

-Mike
aliasnexus0

Posts: 3
Registered: 7/30/10
Re: ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 12:33 PM   in response to: mtroha in response to: mtroha
Click to report abuse...   Click to reply to this thread Reply
When you say next version do you mean the current 6.0 release or will it be a later release?

Thanks for your help.

Message was edited by: aliasnexus0
mtroha

Posts: 397
Registered: 8/20/07
Re: ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 1:58 PM   in response to: aliasnexus0 in response to: aliasnexus0
Click to report abuse...   Click to reply to this thread Reply
I think I heard it was slated for the 6.2 release. No exact ETA on it, I keep hearing 'end of the year.'

Your probably better off calling our team, I don't want to see you hold off for a release that has no official date as of now.
mtroha

Posts: 397
Registered: 8/20/07
Re: ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 2:32 PM   in response to: aliasnexus0 in response to: aliasnexus0
Click to report abuse...   Click to reply to this thread Reply
I was actually thinking of a different issue. The feature coming in 6.2 is to import a cert for use with OpenLDAP/AD integration.

If you just trying to import a cert for server access, you are in the right place under Server Access. I'm not 100% sure if we accept wildcard certs or not, as I am not very familiar with them.

I think I recall one of the tricks being to just import (copy/paste) the key part of the cert, without the header and footer information that surrounds the actual body.

For Example, if the cert looks like this:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
99:b9:a6:27:3f:8e:6d:7a
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=RI, O=Jeff Brown QA, OU=ISXC QA, CN=APC/emailAddress=jeff.brown@apcc.com
Validity
Not Before: Jan 29 17:33:29 2009 GMT
Not After : Jan 29 17:33:29 2010 GMT
Subject: C=US, ST=RI, L=SK, O=Schneider Electrico, OU=APC_DS3, CN=twix.ams.apc.com/emailAddress=twix@isxcqa.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ae:47:12:72:22:ca:a4:c5:e4:10:40:59:b5:1f:
57:08:14:a8:9b:32:b5:16:05:94:c7:7a:37:9c:f5:
b8:8f:98:e2:7f:53:0e:da:5e:0e:ca:f3:75:d0:8d:
82:e6:6b:89:38:ed:33:38:99:0c:07:bb:d1:05:4c:
93:ef:28:e3:dd:db:24:2a:02:42:a9:f0:4f:42:78:
3d:04:55:5c:0e:06:e9:f6:e9:83:24:9c:c6:82:20:
51:e3:c5:56:f8:33:56:f2:75:71:18:a1:d3:a3:a1:
3e:9a:c3:f3:53:8e:8c:19:a6:79:ce:e4:2d:65:54:
c0:d3:69:f2:13:95:6c:64:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D1:8D:80:D9:BF:A0:BF:0F:A7:90:58:15:20:A1:B7:5B:85:E0:8E:BA
X509v3 Authority Key Identifier:
keyid:B3:41:8A:AC:86:47:F8:FB:22:E3:7D:6C:13:FE:19:0F:0C:D1:90:D1

Signature Algorithm: sha1WithRSAEncryption
8d:09:e7:6c:eb:93:ce:3f:2f:da:8d:b3:ee:af:35:4e:b1:3b:
44:aa:21:49:fa:0a:8a:a1:f4:bb:34:aa:2d:c9:b4:79:03:6e:
02:f1:fb:16:35:a1:03:9c:80:af:13:f1:52:26:f2:44:2f:ed:
c3:94:51:56:6d:f2:b8:6c:63:f0:03:5f:c2:89:70:64:1d:0a:
7c:95:f4:fb:54:58:66:58:1e:2a:6b:8a:b6:62:34:d1:ac:d8:
78:83:5b:1b:85:46:7d:e5:39:80:b6:d8:be:2a:c7:0e:8b:f0:
75:f5:7a:67:4a:11:bb:e5:79:09:22:36:e8:79:1e:55:22:cb:
8d:39
-----BEGIN CERTIFICATE-----
MIIDAjCCAmugAwIBAgIJAJm5pic/jm16MA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJSSTEWMBQGA1UEChMNSmVmZiBCcm93biBRQTEQMA4G
A1UECxMHSVNYQyBRQTEMMAoGA1UEAxMDQVBDMSIwIAYJKoZIhvcNAQkBFhNqZWZm
LmJyb3duQGFwY2MuY29tMB4XDTA5MDEyOTE3MzMyOVoXDTEwMDEyOTE3MzMyOVow
gZIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJSSTELMAkGA1UEBxMCU0sxHDAaBgNV
BAoTE1NjaG5laWRlciBFbGVjdHJpY28xEDAOBgNVBAsUB0FQQ19EUzMxGTAXBgNV
BAMTEHR3aXguYW1zLmFwYy5jb20xHjAcBgkqhkiG9w0BCQEWD3R3aXhAaXN4Y3Fh
Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArkcSciLKpMXkEEBZtR9X
CBSomzK1FgWUx3o3nPW4j5jif1MO2l4OyvN10I2C5muJOO0zOJkMB7vRBUyT7yjj
3dskKgJCqfBPQng9BFVcDgbp9umDJJzGgiBR48VW+DNW8nVxGKHTo6E+msPzU46M
GaZ5zuQtZVTA02nyE5VsZGECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNGN
gNm/oL8Pp5BYFSCht1uF4I66MB8GA1UdIwQYMBaAFLNBiqyGR/j7IuN9bBP+GQ8M
0ZDRMA0GCSqGSIb3DQEBBQUAA4GBAI0J52zrk84/L9qNs+6vNU6xO0SqIUn6Coqh
9Ls0qi3JtHkDbgLx+xY1oQOcgK8T8VIm8kQv7cOUUVZt8rhsY/ADX8KJcGQdCnyV
9PtUWGZYHiprirZiNNGs2HiDWxuFRn3lOYC22L4qxw6L8HX1emdKEbvleQkiNuh5
HlUiy405
-----END CERTIFICATE----- 

just cut and paste: 

  

-----BEGIN CERTIFICATE-----
MIIDAjCCAmugAwIBAgIJAJm5pic/jm16MA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJSSTEWMBQGA1UEChMNSmVmZiBCcm93biBRQTEQMA4G
A1UECxMHSVNYQyBRQTEMMAoGA1UEAxMDQVBDMSIwIAYJKoZIhvcNAQkBFhNqZWZm
LmJyb3duQGFwY2MuY29tMB4XDTA5MDEyOTE3MzMyOVoXDTEwMDEyOTE3MzMyOVow
gZIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJSSTELMAkGA1UEBxMCU0sxHDAaBgNV
BAoTE1NjaG5laWRlciBFbGVjdHJpY28xEDAOBgNVBAsUB0FQQ19EUzMxGTAXBgNV
BAMTEHR3aXguYW1zLmFwYy5jb20xHjAcBgkqhkiG9w0BCQEWD3R3aXhAaXN4Y3Fh
Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArkcSciLKpMXkEEBZtR9X
CBSomzK1FgWUx3o3nPW4j5jif1MO2l4OyvN10I2C5muJOO0zOJkMB7vRBUyT7yjj
3dskKgJCqfBPQng9BFVcDgbp9umDJJzGgiBR48VW+DNW8nVxGKHTo6E+msPzU46M
GaZ5zuQtZVTA02nyE5VsZGECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNGN
gNm/oL8Pp5BYFSCht1uF4I66MB8GA1UdIwQYMBaAFLNBiqyGR/j7IuN9bBP+GQ8M
0ZDRMA0GCSqGSIb3DQEBBQUAA4GBAI0J52zrk84/L9qNs+6vNU6xO0SqIUn6Coqh
9Ls0qi3JtHkDbgLx+xY1oQOcgK8T8VIm8kQv7cOUUVZt8rhsY/ADX8KJcGQdCnyV
9PtUWGZYHiprirZiNNGs2HiDWxuFRn3lOYC22L4qxw6L8HX1emdKEbvleQkiNuh5
HlUiy405
-----END CERTIFICATE----- 
aliasnexus0

Posts: 3
Registered: 7/30/10
Re: ISX Central 5.1.1 SSL Certificate
Posted: Jul 30, 2010 5:16 PM   in response to: mtroha in response to: mtroha
Click to report abuse...   Click to reply to this thread Reply
I did just that when importing or pasting the certificates, but no dice. I'm not going to worry about it to much right now. The self-signed certificates will work just fine as it is an internal only system.

Thanks for your help mtroha.
Pages: 1
Back to Thread List Back to Thread List
Threads: [ Previous | Next ]
Legend
Platinum Medalist: 3001 - 9999 pts
Silver Medalist: 2001 - 3000 pts
Super User: 1600 - 2000 pts
Guru: 1199 - 1599 pts
Advisor: 798 - 1198 pts
Specialist: 397 - 797 pts
Freshman: 0 - 396 pts
Helpful Answer (5 pts)
Correct Answer (10 pts)

Point your RSS reader here for a feed of the latest messages in all forums




Powered by Jive Forums