cancel
Showing results for 
Search instead for 
Did you mean: 
  • ×
    Information
    Know the Benefits of your HP account

    Connect with HP support faster, manage all your devices in one place, view warranty information and more– Click Here

    Information
    Fix Windows 10 Update Issues

    Resolve Windows 10 or update issues on HP computer or printer– Click Here

  • post a message
  • ×
    Information
    Know the Benefits of your HP account

    Connect with HP support faster, manage all your devices in one place, view warranty information and more– Click Here

    Information
    Fix Windows 10 Update Issues

    Resolve Windows 10 or update issues on HP computer or printer– Click Here

  • post a message
Highlighted
New member
1 0 0 0
Message 1 of 1
463
Flag Post

switch TLS certificate : Certificate being installed is not signed by the TA certificate.

HP Recommended
J9782A
Other

I based my actions amongst others on this source:

https://www.adlerweb.info/blog/tag/procurve

 

I am using openssl to create my own CA for my company's switches etc.  and i am having trouble with a number of recent procure switches.

 

I created a root CA (2048 bits rsa, sha1 so as not to make things too difficult)

I created a custom TA called "netwerk", uploaded the CA root certificate, so far so good

 

Created a CSR:

crypto pki create-csr certificate-name sw1113  ta-profile netwerk usage web subject common-name sw1113 key-size 2048

 

the rest of the info and extensions like CDP alternative names etc. is being pushed while signing in openssl via an extensions file

 

resulting CSR processed with openssl (keeping it a simple 2048/sha1 leafcertificate)

 

Signed this CSR with the afore mentioned and uploaded root certificate:

 

Resulting PEM pasted to install the generated leaf certificate

 

sw1113(config)# crypto pki install-signed-certificate
Paste the certificate here and enter:
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCTkwx

.....

ASCspazUcVeCueTvvVLr4UPObJB1/IBHKHCwkN7nuaTHuiDD8tQzOlWaxry4MsEF
GXojuFv1YtFAtlgLlwxvqndi2NysNyqcnZR1o4l0qe4eSrIlUrCyrvyieK5rdQ==
-----END CERTIFICATE-----

Certificate being installed is not signed by the TA certificate.

 

So, what is going on? The leaf cert is definitely signed by the root cert that was uploaded as TA cert.

 

 ta cert.jpg

 

 

Would really appreciate some help!!

 

 Thx, Jan

 

 

 

 

 

Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation