
CA is not accepting Certificate Signing Request with csr- prefix

Symptoms
EXOS creates a certificate signing request (CSR) with a "csr-" prefix in its common name.
Environment
  • EXOS
  • SSL
Cause
When creating a CSR, EXOS adds a "csr-" prefix to the common name.
testswitch.1 # configure ssl csr privkeylen 2048 country NL organization testOrg common-name testswitch.domainname.local

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields there will be a default value in [].
If you enter '.' the field will be left blank.

...

After the request is generated you can see the common name is prefixed with "csr-" when you decode the request.

$ openssl asn1parse -in test.pem -inform PEM -i
0:d=0 hl=4 l= 667 cons: SEQUENCE
4:d=1 hl=4 l= 387 cons: SEQUENCE
....<cut>...
48:d=5 hl=2 l= 3 prim: OBJECT :commonName
53:d=5 hl=2 l= 21 prim: UTF8STRING :csr-testswitch.domainname.local
 


 
Resolution
A workaround is to generate the private key and CSR on a separate PC with a tool such as openssl, then copy the private key and the generated certificate to the switch using the commands below.

download ssl <ip> privkey <file_name>
download ssl <ip> certificate <file_name>
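
An added example of the off-switch generation step (not part of the original article): it creates a 2048-bit RSA key and a CSR with the same subject as the EXOS command above, then confirms the CSR's self-signature and that the common name carries no "csr-" prefix before the request goes to the CA. The file names switch.key and switch.csr are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. File names are assumptions;
# the subject values repeat the article's EXOS command.
CN="testswitch.domainname.local"

make_csr() {   # $1 = common name, $2 = key file, $3 = CSR file
    # Subshell keeps the restrictive umask local; the key is owner-readable only.
    # -nodes leaves the key unencrypted on disk, so remove it from the PC
    # once it has been downloaded to the switch.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$2" -out "$3" -subj "/C=NL/O=testOrg/CN=$1" )
}

csr_cn() {     # $1 = CSR file; prints the subject commonName
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

check_csr() {  # $1 = CSR file, $2 = expected common name
    # Match on the message rather than relying only on the exit status.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify" >&2; return 1; }
    [ "$(csr_cn "$1")" = "$2" ] ||
        { echo "unexpected CN: $(csr_cn "$1")" >&2; return 1; }
}

make_csr "$CN" switch.key switch.csr && check_csr switch.csr "$CN" &&
    echo "switch.csr is ready to submit to the CA"
```

The same check_csr call, pointed at a CSR exported from the switch, reports the "csr-" prefixed common name described under Cause.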

A fix that stops EXOS from adding the prefix is scheduled under EXOS-27133 for 22.7.2 patchx-xx (expected end of September/October).
 