Installing wildcard cert on ZD3000

  • Question
  • Updated 2 years ago

Hi all,

I'm trying to install a new wildcard certificate on a ZD3000 running 9.5.0.0 build 156.

I import the certificate (CRT) and then I'm told I need to import a private key to match. I have a PFX file which I converted to PEM format as the ZD won't accept PFX files but still no luck. I've verified that the cert and private key do match using https://www.sslshopper.com/certificate-key-matcher.html so why doesn't the ZD accept the key? Any ideas?

David



David Nanton


Posted 2 years ago


Bittu, Employee

Hello David,

Where was the CSR used to get this cert generated? Was the CSR created on the ZD itself or was it generated on a server on your network? If you generated the CSR on the ZD you have the option to download the key from the ZD itself.
If this was a server on your network you need to get the private key from this server. You can use OpenSSL to extract the certificate and the private key in the .pem format. Kindly refer to the links below, which explain how to get this done and also provide commands that you will find useful:

https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/

https://www.sslshopper.com/article-most-common-openssl-commands.html

Hope this helps.

Regards,
Santosh

David Nanton


Hi Santosh,

Thanks. I managed to sort it.

After exporting the certificate with private keys from the server I then had to convert it to PEM format (PFXFilename.pem) using OpenSSL.

Then I had to extract the certificate only using the command - openssl pkcs12 -in PFXFilename.pfx -clcerts -nokeys -out PFXFilename_cert.pem

I then exported private key only: openssl rsa -in PFXFilename.pem -out PFXFilename.pem_key.pem

That still didn't work, until I edited both files to remove any text before the -----BEGIN CERTIFICATE----- and -----BEGIN RSA PRIVATE KEY----- lines and anything after the -----END CERTIFICATE----- and -----END RSA PRIVATE KEY----- lines.

That last bit seemed to be the missing link as only then was I able to import the certificate and key successfully to the controller.


Best wishes,

David
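
The manual cleanup described in the last reply can be scripted. The following is an added example, not part of the original thread: `pem_strip` keeps only the BEGIN-to-END blocks and drops surrounding text such as the "Bag Attributes" lines that `openssl pkcs12` writes, and `pem_match` confirms the certificate and key share a public key before upload. The function names, file names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example; function names, file names and sample data are hypothetical.

# pem_strip IN OUT: copy only the PEM blocks (BEGIN line through END line)
# from IN to OUT, dropping any text before, between or after them.
pem_strip() {
    (
        umask 077    # a newly created OUT may hold a private key: owner-only
        awk '
            /^-----BEGIN [A-Z0-9 ]+-----/ { inside = 1 }
            inside                        { sub(/\r$/, ""); print }
            /^-----END [A-Z0-9 ]+-----/   { inside = 0 }
        ' "$1" > "$2"
    )
}

# pem_match CERT KEY: succeed only if both files carry the same public key.
# Needs the openssl CLI and an unencrypted key; returns 2 on a parse error.
pem_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample shaped like `openssl pkcs12` output with CRLF line ends;
# the base64 body is a dummy string, not a real certificate.
pem_strip_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\r\n' 'Bag Attributes' '    localKeyID: 01 00 00 00' \
        'subject=CN = *.example.com' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' 'trailing text' \
        > "$tmp/in.pem"
    pem_strip "$tmp/in.pem" "$tmp/out.pem" && cat "$tmp/out.pem"
    rm -rf "$tmp"
}

pem_strip_demo
```

With the thread's file names this would be run as `pem_strip PFXFilename_cert.pem cert_clean.pem` and likewise for the key (the output names are placeholders), followed by `pem_match` on the two cleaned files.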