• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.

‎04-05-2017 07:28 AM

HP Recommended
Product: J9782A
Operating System: Other

I based my actions amongst others on this source:

https://www.adlerweb.info/blog/tag/procurve

 

I am using openssl to create my own CA for my company's switches etc.  and i am having trouble with a number of recent procure switches.

 

I created a root CA (2048 bits rsa, sha1 so as not to make things too difficult)

I created a custom TA called "netwerk", uploaded the CA root certificate, so far so good

 

Created a CSR:

crypto pki create-csr certificate-name sw1113  ta-profile netwerk usage web subject common-name sw1113 key-size 2048

 

the rest of the info and extensions like CDP alternative names etc. is being pushed while signing in openssl via an extensions file

 

resulting CSR processed with openssl (keeping it a simple 2048/sha1 leafcertificate)

 

Signed this CSR with the afore mentioned and uploaded root certificate:

 

Resulting PEM pasted to install the generated leaf certificate

 

sw1113(config)# crypto pki install-signed-certificate
Paste the certificate here and enter:
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCTkwx

.....

ASCspazUcVeCueTvvVLr4UPObJB1/IBHKHCwkN7nuaTHuiDD8tQzOlWaxry4MsEF
GXojuFv1YtFAtlgLlwxvqndi2NysNyqcnZR1o4l0qe4eSrIlUrCyrvyieK5rdQ==
-----END CERTIFICATE-----

Certificate being installed is not signed by the TA certificate.

 

So, what is going on? The leaf cert is definitely signed by the root cert that was uploaded as TA cert.

 

 ta cert.jpg

 

 

Would really appreciate some help!!

 

 Thx, Jan

 

 

 

 

 

Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.