Hi, I'm banging my head against a wall here and looking for some help.
One virtual service is having a cert change due to expiry, and I've got the .pfx as exported from Windows. I have extracted the key and cert from this. I have the intermediate and root certs. I can upload all, the key to the keyfile, and the host cert then the intermediate to the cert file using scp. Done this some number of times in the past routinely. I can use the show commands to view the cert chain, and see the host's cert plus the intermediate. However what I can't do is the actual bind of the cert into the ssl profile: SSH@sender(config)#ssl profile tcnemo-toclients SSH@sender(config-ssl-profile-tcnemo-toclients)#keypair-file tcnemo_2015.key SSH@sender(config-ssl-profile-tcnemo-toclients)#certificate-file tcnemo_chain_2015.crt SSH@sender(config-ssl-profile-tcnemo-toclients)#Error key and certificate mismatch Please delete the key and re-add the right key and certificate SSL profile : tcnemo-toclients Certificate file : \usb0\certstor\tcnemo_chain_2015.crt.cert Key file : \usb0\certstor\tcnemo_2015.key.key The only help I can get from Dr Google is the suggestion from the documentation that this key does not match the certificate. But both came from the exported PFX, and I've verified them manually in various ways. Now totally stuck as to what to do next (and time is ticking for the previous cert expiry :). Anyone any ideas? ADX 12.5.01g Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. _______________________________________________ foundry-nsp mailing list foundry-nsp@puck.nether.net http://puck.nether.net/mailman/listinfo/foundry-nsp