Jump to content

Certificate Import Failing?


mbrossart

Recommended Posts

Posted

I'm trying to import a server certificate on my ISY 994i running 4.2.10.  On the dashboard, I open Network, select Server Certificate and select No.

 

I have an internal CA on a pfSense firewall that I've used to generate a self signed 1024 bit/SHA1 certificate.  I export the certificate in .p12 format and change the extension to .pfx.  It's my understanding that .p12 and .pfx are identical except for the extension.

 

I select Import Certificate and select my .pfx file.

 

None of the fields populate.  I see no option to save anything, only to close the certificate window.  When I close the window, my ISY seems to have no desire to reboot to use the key.  I notice that when prompted for the Keystore Password (when opening the Server Certificate window), I can put any password in to open the window.  Is this normal?  Seems like something's amiss here.  Also, my certificate does not have a password.  Shortcoming of my low budget CA.  So, when prompted for a password after selecting my certificate, I just hit Ok.  Not sure if this errors me out, causing the certificate not to import.

 

I have the CA certificate installed on my PC.  This setup works fine for other devices using certs signed by this CA, but my ISY is throwing an SSL error and identifying the device as insecure.

 

Am I doing something wrong?  Do I have a corrupt Key Store that's throwing things off (I'm worried I seem to be able to get into the key store with any old password)?

 

Any thoughts?  Assistance greatly appreciated.

 

Thanks.

Posted

Thanks Michel.  I followed your steps and get the same results.  As a point of clarification, the dashboard is asking for a password.  My CA doesn't give the cert a password (I know, there's a security issue there).  When I import these certs elsewhere, when prompted for the password, I just hit enter and it imports the cert anyway.  I think what happens with my ISY, since I don't enter a password, it errors out and does not import the cert.  

Posted

Hi mbrossart,

 

.p12 or .pfx are encrypted with a password. So, for some reason ISY cannot decipher that these are indeed .p12/.pfx. If there's any way to get another certificate (if it's free) and send it to me to test, it would be great.

 

With kind regards,

Michel

Guest
This topic is now closed to further replies.

×
×
  • Create New...