simonsez Posted July 24, 2013 Posted July 24, 2013 Hi, I'm trying to get my wildcard certificate to work on my Isy 994. I followed the steps in the Security Guide and got the certificate imported to the Isy through the dashboard.. After doing so I rebooted my Isy. However when I go back to the Isy I get a certificate warning and when I examine the certificate in the browser, it's still using the self generated isy.universal-devices.com one. If I go back to the Dashboard, Network, Server Certificate I see the details of my certificate listed, yet the Isy doesn't seem to actually be using it. What am I missing here to get the Isy to use the certificate I imported? One thing I noticed is that the network security guide implies (on page 9) that the ISY will reboot for the changes to take effect. This sounds like the Isy will reboot itself, in my particular case it did not so I rebooted it using the telnet interface. Thanks, Simon
Michel Kohanim Posted July 25, 2013 Posted July 25, 2013 Hi Simon, If you have a wildcard certificate, you must import it in PKCS12 format. Is that what you did? With kind regards, Michel
simonsez Posted July 25, 2013 Author Posted July 25, 2013 If you have a wildcard certificate, you must import it in PKCS12 format. Is that what you did? Hi Michel! That's exactly what I did. The certificate is also being used for an Apache webserver, so I had to convert it. I used the following command to do so: openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt I also tried loading the certificate onto a Windows machine using the certificates snap in just to verify that it was 'good' and it was able to import it with no problems. I am guessing if it wasn't in the right format importing would have probably failed? Right now I can see all the certificate details in when clicking on Server Certificate in the dashboard. Simon
Michel Kohanim Posted July 25, 2013 Posted July 25, 2013 Hi Simon, If you are getting the correct information about the certificate, then the problem is the key and or signature. Currently, ISY can only handle up to 2048 bit RSA keys with SHA1 signatures. With kind regards, Michel
Recommended Posts