Export CSR via SSH

L1 Bithead

Hello,

 

I have created a CSR:

request certificate generate country-code DE days-till-expiry 1100 email NOC@DOMAIN.COM locality BERLIN signed-by external organization MYORG ip 1.1.1.1 algorithm RSA rsa-nbits 2048 certificate-name testcert name test.domain.de

 

Looks fine and I can also see it in the WUI.

 

Now I would like to export it via SSH:

scp export certificate certificate-name testcert format pem include-key no to myuser@10.10.10.10:/cert_test.csr

 

but I get

 

Server error : Failed to prepare certificate testcert for export

 

This works fine for already existing certificates... but not for a CSR...

What am I doing wrong?

 

Any help appreciated. Thank you!


Accepted Solutions
L7 Applicator

Re: Export CSR via SSH

I don't see anything you're doing wrong. I tested this myself and ran into the same situation. The UI export runs an XML download operation, so it's not as simple as a UI wrapper for CLI.

 

The CSR should probably be exportable via CLI, but clearly it's not. 

 

As a workaround, you can run:

show config candidate

Then do a / to start a find, and type the name of the CSR (testcert). It will show you the raw CSR, which you can copy and then put directly onto the target SSH server.

 

I'd recommend submitting a feature request with your account team as well. It may have been missed as a requirement, or there may have been a reason for not adding that CLI option, but getting it submitted with your account team can go a long way to getting it implemented.

 

Cheers,

Greg

 

<edit, replaced "running" with "candidate", in case the CSR hasn't been added to the running config via a commit yet>
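
A check for the copy-and-paste step in the workaround above, as an added example that is not part of the original posts: it pulls the CSR out of pasted terminal text, strips indentation and wrapping, and rejects a paste that lost lines. It assumes the raw CSR appears as a PEM block between BEGIN/END CERTIFICATE REQUEST lines; the function names are hypothetical, and the check is structural only (it does not verify the CSR's signature).

```python
import base64
import re

PEM_CSR = re.compile(
    r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)"
    r"-----END (?:NEW )?CERTIFICATE REQUEST-----", re.DOTALL)

def der_total_length(der: bytes) -> int:
    """Bytes the outer DER SEQUENCE claims to occupy (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_csr(pasted: str) -> str:
    """Return a clean PEM CSR from pasted terminal text, or raise ValueError."""
    m = PEM_CSR.search(pasted)
    if not m:
        raise ValueError("no CSR block found")
    b64 = re.sub(r"\s+", "", m.group(1))   # drop indentation and line wraps
    der = base64.b64decode(b64, validate=True)
    if der_total_length(der) != len(der):  # declared size vs. what was pasted
        raise ValueError("CSR is truncated or has extra data")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE REQUEST-----\n")

def constructed_paste() -> str:
    """Constructed sample: a dummy DER blob (not a real CSR), indented as a paste."""
    der = b"\x30\x82\x01\x2c" + bytes(300)
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("   -----BEGIN CERTIFICATE REQUEST-----\n"
            + "".join(f"   {r}  \n" for r in rows)
            + "   -----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    print(extract_csr(constructed_paste()), end="")
```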



All Replies
L2 Linker

Re: Export CSR via SSH

Experienced this error message in the web console:

Failed to prepare certificate <certificate-name> for export

 

Resolved by re-logging in to the web console.
