03-07-2016 10:38 AM
Hello,
I have created a CSR:
request certificate generate country-code DE days-till-expiry 1100 email NOC@DOMAIN.COM locality BERLIN signed-by external organization MYORG ip 1.1.1.1 algorithm RSA rsa-nbits 2048 certificate-name testcert name test.domain.de
Looks fine and I can also see it in the WUI.
Now I would like to export it via SSH:
scp export certificate certificate-name testcert format pem include-key no to myuser@10.10.10.10:/cert_test.csr
but I get
Server error : Failed to prepare certificate testcert for export
This works fine for already existing certificates... but not for a CSR...
What am I doing wrong?
Any help appreciated. Thank you!
03-07-2016 10:55 AM - edited 03-07-2016 10:56 AM
I don't see anything you're doing wrong. I tested this myself and ran into the same situation. The UI export runs an XML download operation, so it's not as simple as a UI wrapper for CLI.
The CSR should probably be exportable via CLI, but clearly it's not.
As a workaround, you can run:
show config candidate
Then do a / to start a find, and type the name of the CSR (testcert). It will show you the raw CSR that you can copy then you can put it directly onto the target SSH server.
I'd recommend submitting a feature request with your account team as well. It may have been missed as a requirement, or there may have been a reason for not adding that CLI option, but getting it submitted with your account team can go a long way to getting it implemented.
Cheers,
Greg
<edit, replaced "running" with "candidate", in case the CSR hasn't been added to the running config via a commit yet>
03-07-2016 10:55 AM - edited 03-07-2016 10:56 AM
I don't see anything you're doing wrong. I tested this myself and ran into the same situation. The UI export runs an XML download operation, so it's not as simple as a UI wrapper for CLI.
The CSR should probably be exportable via CLI, but clearly it's not.
As a workaround, you can run:
show config candidate
Then do a / to start a find, and type the name of the CSR (testcert). It will show you the raw CSR that you can copy then you can put it directly onto the target SSH server.
I'd recommend submitting a feature request with your account team as well. It may have been missed as a requirement, or there may have been a reason for not adding that CLI option, but getting it submitted with your account team can go a long way to getting it implemented.
Cheers,
Greg
<edit, replaced "running" with "candidate", in case the CSR hasn't been added to the running config via a commit yet>
08-08-2017 01:23 AM
Experienced this error message in the web console:
Failed to prepare certificate <certificate-name> for export
Resolved by re-login to the web console..
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
