Hello Everyone,
When I exported my certificate and imported it into the COOP peer it did not take and produced the following error message: crypto key import rsa group1-export-general pem terminal 3des cisco123 !% Enter PEM-formatted public General Purpose key or certificate. % End with a blank line or "quit" on a line by itself. -----BEGIN PUBLIC KEY----- ! truncated pub key -----END PUBLIC KEY----- % Enter PEM-formatted encrypted private General Purpose key. % End with "quit" on a line by itself. -----BEGIN RSA PRIVATE KEY----- ! truncated private key -----END RSA PRIVATE KEY----- % Error: failed to create key - incorrect password?. % Error in generating keys: could not generate test signature % Key pair import failed. Dec 16 18:00:04.727: %CRYPTO-3-RSA_SELFTEST_FAILED: Generated RSA key failed self test I decided to re-export to make sure that the password was not incorrect but it produced the same result. I generated a new cert on the master KS and exported and this also flopped. In the end I made a new certificate with the label TEST instead of the label group1-export-general and this worked fine. crypto key import rsa TEST pem terminal cisco123 % Enter PEM-formatted public General Purpose key or certificate. % End with a blank line or "quit" on a line by itself. -----BEGIN PUBLIC KEY----- ! truncated pub key -----END PUBLIC KEY----- % Enter PEM-formatted encrypted private General Purpose key. % End with "quit" on a line by itself. -----BEGIN RSA PRIVATE KEY----- ! truncated private key -----END RSA PRIVATE KEY----- quit % Key pair import succeeded. The only thing that changed was the label on the certificate. Are there restrictions on number of chars or the length of the name? If not does anyone know why it did not like the original cert? Thanks in advance, Kyle
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
