Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Error after attempting to upload a custom certificate in an unsupported format to Flowmon

 

Information

 

Summary:

If the certificate is in an unsupported DER encoded format, it will not be accepted by Flowmon and uploading it will result into an error

Environment:

Product: Flowmon

Version: Any

Platform: Any

Question/Problem Description:

I am having issues with uploading a custom certificate. I sent the csr to our CA to get signed, but when I try to upload the signed cert (DER encoded with .crt file-ending) with the key I always get the error message "Uploaded key does not match the certificate!". I checked and I am absolutely certain that the key I am trying to upload is the one I used to create the csr.

Steps to Reproduce: Upload the key and the matching DER encoded certificate, which will result in the error below.
Error Message: "Uploaded key does not match the certificate!"
Defect Number:  
Enhancement Number:  
Cause: Flowmon doesn't support DER encoded certificates. PEM certificates should be used instead.
Resolution:

To convert the certificate into PEM, a variation of the OpenSSL CLI command showcased below can be used. The 'server.crt' is the name of the certificate file that needs to be uploaded (with WinSCP for example) to /home/flowmon after logging in to Flowmon with SSH:

$ openssl x509 -in 'server.crt' -inform der -outform pem -out server.pem

Then, download the file and import they key and the new certificate file from GUI.

If that doesn't help, it is possible to check the certificate to troubleshoot the issue further. Upload the key and the certificate to /home/flowmon and then run these CLI commands:
$ openssl x509 -noout -modulus -in 'server.crt' | openssl md5
$ openssl rsa -noout -modulus -in 'server.key' | openssl md5

For more details, please reach out to the Flowmon support.

Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments