Hi guys,

I want to migrate away from realhostip.com. I have set up DNS service in no
time, but am having problems importing certificates to ACS 3.4.1.

I created my own CA like this:

cd /etc/pki/CA
touch index.txt
echo 1000 > serial
openssl genrsa -aes256 -out /etc/pki/CA/private/ca.key.pem 4096
chmod 400 /etc/pki/CA/private/ca.key.pem
nano -w /etc/pki/tls/openssl.cnf
openssl req -new -x509 -days 63650 -key /etc/pki/CA/private/ca.key.pem -sha256 -extensions v3_ca -out /etc/pki/CA/certs/ca.cert.pem


Signed my own keys and converted them to pkcs8 format like this:

cd /etc/pki/CA
openssl genrsa -out private/vse.somedomain.tld.key.pem 4096
chmod 400 private/vse.somedomain.tld.key.pem
openssl req -sha256 -new -key private/vse.somedomain.tld.key.pem -out certs/vse.somedomain.tld.csr.pem
openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem -extensions usr_cert -notext -md sha256 -days 63649 -in certs/vse.somedomain.tld.csr.pem -out certs/vse.somedomain.tld.cert.pem
openssl pkcs8 -topk8 -in private/vse.somedomain.tld.key.pem -out private/vse.somedomain.tld.key.encrypted.pkcs8
openssl pkcs8 -in private/vse.somedomain.tld.key.encrypted.pkcs8 -out private/vse.somedomain.tld.key.pkcs8
chmod 400 private/vse.somedomain.tld.key.encrypted.pkcs8
chmod 400 private/vse.somedomain.tld.key.pkcs8



But when trying to import it via GUI: infrastructure -> SSL Certificate:
Certificate from vse.somedomain.tld.cert.pem
PKCS8 from private/vse.somedomain.tld.key.pkcs8
DNS domain suffix to: *.somedomain.tld

But it fails with:
"Failed to update SSL Certificate."

Please help me upload the new certificate.
Catalina.out shows no error. I have no idea what else to check.

Thank you.
F.
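
A pre-import sanity check for the three files produced by the commands above, added here as an example (it is not part of the original post and not CloudStack code). The function name check_import_pair and its return codes are assumptions made for illustration; it only uses the openssl CLI.

```bash
#!/bin/sh
# Added example: verify a certificate / PKCS#8 key / CA triple before import.
# Usage: check_import_pair CERT.pem KEY.pkcs8 CA.pem
# Return codes (hypothetical, chosen for this example):
#   0 all checks pass          1 key is not unencrypted PKCS#8 PEM
#   2 key and cert differ      3 cert does not verify against the CA

check_import_pair() {
    cert=$1; key=$2; ca=$3

    # An unencrypted PKCS#8 PEM key starts with exactly this header.
    # "BEGIN ENCRYPTED PRIVATE KEY" is passphrase-protected PKCS#8 and
    # "BEGIN RSA PRIVATE KEY" is the traditional format. Older OpenSSL
    # releases write the traditional format when `openssl pkcs8` is run
    # without -topk8.
    if [ "$(head -n 1 "$key")" != "-----BEGIN PRIVATE KEY-----" ]; then
        echo "FAIL: $key is not an unencrypted PKCS#8 PEM key" >&2
        return 1
    fi

    # Compare the public key embedded in the certificate with the one
    # derived from the private key; they must be byte-identical PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub="cert unreadable"
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub="key unreadable"
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert was not issued for $key" >&2
        return 2
    fi

    # Check the chain. The printed result is matched instead of the exit
    # status because old OpenSSL builds exit 0 even when verification fails.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 3
    fi

    echo "OK: key format, key/cert match and chain all check out"
    return 0
}

# Run directly when called with the three file names.
if [ "$#" -eq 3 ]; then
    check_import_pair "$@"
fi
```

With the file names from the post, the call would be: check_import_pair certs/vse.somedomain.tld.cert.pem private/vse.somedomain.tld.key.pkcs8 certs/ca.cert.pem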

