SSL configuration on T2600G-52TS 3.0

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

SSL configuration on T2600G-52TS 3.0

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
SSL configuration on T2600G-52TS 3.0
SSL configuration on T2600G-52TS 3.0
2019-11-05 16:26:24 - last edited 2020-03-10 08:21:29
Hardware Version: V3
Firmware Version: 3.0.3 Build 20181101 Rel.54949(s)

Hi,

 

I'm tryng to configure the HTTPs certificate on my switch.

 

Those are 2 recently bought T2600G-52TS 3.0 with last firmware 3.0.3 Build 20181101 Rel.54949(s).

 

I pushed my SSL certificate (like I did with many others services). When cliking load, it says ok.

And when I push the key, the web interface says "Failed to download the key file".

 

I tried both with 4096 and 2048 key sizes.

I tried with a full chain cert and the single cert.

 

My certs are signed with my internal PKI from my company.

I'm positive the certificate and key matches.

 

Is there any restrictions I should know about, that could prevent me from uploading the key ?

This is an important security issue for us, and we have some audits coming our way ...

 

Best regards,

 

Jeremy.

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:SSL configuration on T2600G-52TS 3.0-Solution
2020-03-07 16:17:45 - last edited 2020-03-10 08:21:29

I had a similar issue, openssl outputs the private key file in the PKCS#8 format by default, these switches will only accept PKCS#1, you can convert the private key file using the command ``openssl rsa -in newkey.pem -out newkey.pem``

 

 

Source: https://stackoverflow.com/a/3502122/5538719

Recommended Solution
  1  
  1  
#5
Options
5 Reply
Re:SSL configuration on T2600G-52TS 3.0
2019-11-06 09:17:41

@Biiidouille 

 

I find some information from TP-Link website. You can refer to it but may be not able to solve the issue.

https://www.tp-link.com/us/configuration-guides/configuration_guide_for_accessing_the_switch_securely/?configurationId=18568#_idTextAnchor005 (The configured guide for HTTPS)

 

And in HTTPS config help, it says that the key must be BASE64 encoded. The SSL certificate and key downloaded must match each other, otherwise the HTTPS connection will not work.

  0  
  0  
#2
Options
Re:SSL configuration on T2600G-52TS 3.0
2019-11-06 09:54:36

Hi,

 

thank you for your answer.

I read that article, and followed the instructions.

 

My keys matches the certs, there is no doubt about it. And both files (key and cert) are in pPEM format (which is actually ASN1 base64 encoded). So that's what I understand there.

 

I must be missing something right ?

 

Best regards

  0  
  0  
#3
Options
Re:SSL configuration on T2600G-52TS 3.0
2019-11-08 03:59:50
I don't make sure that if you miss something, but I can only find upload button. Maybe you can contact TP-Link Support for help.
  0  
  0  
#4
Options
Re:SSL configuration on T2600G-52TS 3.0-Solution
2020-03-07 16:17:45 - last edited 2020-03-10 08:21:29

I had a similar issue, openssl outputs the private key file in the PKCS#8 format by default, these switches will only accept PKCS#1, you can convert the private key file using the command ``openssl rsa -in newkey.pem -out newkey.pem``

 

 

Source: https://stackoverflow.com/a/3502122/5538719

Recommended Solution
  1  
  1  
#5
Options
Re:SSL configuration on T2600G-52TS 3.0
2020-03-10 08:21:18

@fakuivan_ 

That worked ! Thank you so much ! I had no idea there was different private key format like this :)

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 1718

Replies: 5