Invalid SSL key

Invalid SSL key
Invalid SSL key
2014-09-07 08:14:22
Region : Others

Model : TL-SG3424

Hardware Version : V1

Firmware Version : TL-SG3424_V1_140721

ISP :


After replaceing SSL certificate and key over Web and CLI i got error Invalid SSL key.
CLI command
ip http secure-server download certificate myserver.pem ip-address IP-IP
and web button works, but CLI command
ip http secure-server download key myserver.key ip-address IP-IP
and web gives error Invalid SSL key, after that i cant connect over https any more.

I have 25 switches and i need to manage them over Internet, SSL certificate CN is switchXX.example.com
and i have valid non self-signed certificates.
0
0
#1
Options
4 Replies
Re:Invalid SSL key
2015-02-22 23:44:46
Bump

Having exact same problem. I will even post the "key" that I am using as I have revoked this certificate anyway due to not being able to use it.

Here are the steps I took:

1) Generated Certificate Signing Request and Private key:
> openssl req -new -newkey rsa:2048 -nodes -out switch-01.csr -keyout switch-01.key -subj "/C=US/ST= Hidden/L= Hidden/O= Hidden/OU=Office/CN=switch-01"

2) Took the csr, processed it on a Microsoft Certificate Authority and generated a Web Server certificate without issue

3) On my switch (TL-SG2424) I went to System->Access Security->SSL Config

4) Choose file for Certificate, selected newly created certificate, click Download, and progress bar fills up with success

5) Choose file for Key Download, select the key, hit download, get error that SSL Key Invalid.

As there is no way to reset any of this without losing ALL settings, HTTPS access is now completely broken and review of the Maintenance Logs only shows the fact that the certificate was uploaded, not a failure of the Key to upload.

The key looks like this from the raw file switch-01.key that the switch firmware will not accept for unknown reason.


-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlaeT3Td+O39XZ
Z/4RjGFxXhXvuJgXQR29hLP2zRGKTwiuGFjxPJMx2ijhgeNvyVdpW21kOkXcKYzh
4dBU735tmbkszTIR2N7FxHnQ6a7kYadGOovEeVUk+31tV7VhqwL1ygrgudqgY48p
lVmbNPg2lSLZ4vTfX+ISYHvwaUhZ9uj38sCaNAQ7OaNjHCyAVLlOyBeyc50b5FYC
dcn57gN40fVuvKiS54FkMVw/zOkae+gFiE+Ajcy93QwmKMlu2zLfdAQoKNlKphxK
zXb8pj6xoD/RnbTN8nS2I65i40nDLghMBOaP13W/gK48e7eTZ0wF03fSzANAzqXL
Qr2uKL5NAgMBAAECggEBANUBt5hvc61C41oTFnHQuAD87L1B1eVxjl2TQ01aJnkW
3OZYsOx74+ebue14HmaCuWiXfUBcYtUCt05bzoWuQOMeojKY625qwJ07yidRchOX
ICsy3Oc2CPpnj5PgpgbjM8JnMCZsKjRVfG2NwD89tWFoo41PDzH/4vZRI4KbHpR3
zNCe1B8z6igbp6TbEMR5mNMYlokKeKq6xu2BNqQhraPY9UBOJgcZcmAkQ4yaznHF
U7zYGKmlg4c7gramvoClyR8dygiMojU6OgILNPQVEvJWlVqA0ScfohaBGdZQX6GN
gb3ERLPH4G5p8ypTs19dhE9fJwyR55auFoIW9trE+XkCgYEA9dQp1vlBsw9189X0
SbLcqWCOkqP7ejpluvITkTosYxrtnm5qe1hR33r5ubFgtX3A5W4na4z+E/zdeIIV
6ZrlFOPU19xUlPu/e3qJVxhJpdZADJztvBtJ8rcIBL35LkhADkMAd3knvsLhviaN
LfuTujTHptI+rhlN9zv1MPn3FtMCgYEA7ufcYTogLUJkCxhSlLI2zh7nJZ3XhST6
bfaLFIDzsQU0WGA4KsziHFjHEm93L6FCHjBflHSs8GS3V3Q1P+cx5GA+GCa+ynBA
sBer97WJdPkfKPpimLfWiVMcGUkOdw0wDCU/J3nJHb0tOyN5kulUlbm1Jimq/eW0
m+ExBZDL4l8CgYEApxG2DcABAqyzQTBbgerpRMO2obqIop0lnlP/MGgU2pXmgBIS
lBmGKxfsuGLwkugQPN0MNW/xDayA5/Gg6s62eegNM1cutMITdNvmkyaShv6BMRFG
EN2K+EWkUXS68NVxkz++BXR1qpPPz+drc6DS2W4dcibZKoFQF4LMNKjtYLkCgYBy
Z+ZJSSSPh/OQvJ0PSCimnHXktam3wPWMIzyHHRmV9AAVMj6zgFnnaTwrv+U7keWv
v0qGNTl8BT8nSicV6wkhbFVQC33iQ882hJ99iBnDQmmBniYJLEA4kuwpz6p1qIMR
zeRoaxG8hBNc9qgJimNPMBdnpxyTaaUL4NMw7x4z0QKBgQCqMjEHUE7KsMQIVlxK
btgJ8PqbIQc+ASAS91gLCkX/qA+dRLZHB/NGGciU29I/IZeWoYn8n61zyB0ISrfW
dRfJw58tIaNPX69BD7XVdDOZl1TEltqe/QhOlUEro3TaeIr6qBgsjpBgq0q7PTQO
bFmm1DwXcUcF3S6WevnMxsvpmQ==
-----END PRIVATE KEY-----

Can anyone possibly comment on this as to why this is not working? Every other device on my network that supports SSL works just fine except this one.

Thanks!
0
0
#2
Options
RSA PEM format required
2015-03-11 03:38:19
The certificate and private keys must be in RSA PEM format for the import to work.<br>You can very easily convert your private key using openSSL a follows:

[CODE]openssl rsa -in switch.key -outform PEM -out switch_key.pem[/CODE]

Afterwards, importingt PEM format file will work.
0
0
#3
Options
RSA PEM format required
2015-03-11 03:39:27
The certificate and private keys must be in RSA PEM format for the import to work.
You can very easily convert your private key using openSSL a follows:

[CODE]openssl rsa -in switch.key -outform PEM -out switch_key.pem[/CODE]

Afterwards, importingt PEM format file will work.
0
0
#4
Options
Re:Invalid SSL key
2015-04-17 00:25:40
Thank you, its work now.
0
0
#5
Options