FIPS key, Web Cert issues


Kyle Kaufman

Having issues with an MPX10500 HA pair. Have a case open with support but have not heard from them since the 29th, not a good sign. Well anyway, it first started with not being able to sync FIPS keys from one appliance to the other, but I got that resolved on my own while on the phone with support. After I was able to export and import keys between appliances, I went to create a WRAP key to use to import our SSL wildcard certs that were created with a FIPS key, which fails with "operation not permitted".

So I moved on to creating a CSR with one of the FIPS keys I created and sent it off. I received the cert, intermediate and root for the cert chain and uploaded them to the Netscalers. Then I attempted to install and I get the error "No such FIPS key", which I have been able to find NOTHING on in any support forums or web searches.

PLEASE HELP!


I am sure you are using http://support.citrix.com/servlet/KbServlet/download/9539-102-665378/NS9000_FIPS_6%5B1%5D%5B1%5D.1.pdf , which is a good guide for FIPS devices.

Installing a certificate on a FIPS device:

- Use the FIPS key shown in "show ssl fipskey" to create the CSR.

- Send this CSR to the CA for generating the cert.

- Install the cert using "add ssl certKey <certKeyName> -cert <string> -fipsKey <fipsKeyName>".

If you are receiving the No such FIPS Key error, please make sure that the name of the FIPS key you are using is correct and that it is also listed in the 'show ssl fipskey' command.


  • 4 years later...

5-year-old post but still causing issues.

This is a very discouraging issue with very little data. The final fix ended up being to use the CLI rather than the GUI to install the actual certificate. The command is:
add ssl certKey NewCertName -cert ServerCertName.pem -fipsKey FIPsKeyName -expiryMonitor DISABLED
***Also make sure the private key has been deleted from the server cert PEM file or it will fail.

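The last reply says the install fails if the server cert PEM still contains a private key. The script below is an added example, not code from the thread or from Citrix: it checks a PEM file for private key blocks and writes a certificate-only copy to upload for the `-fipsKey` install. The function names and file names are hypothetical, and the sample PEM in `demo` is constructed placeholder text.

```shell
#!/bin/sh
# Added example (not from the thread): strip private key blocks from a PEM
# before installing it against a FIPS key. All names here are hypothetical.

# pem_has_private_key FILE: succeed if FILE holds any PEM private key block
# (PRIVATE KEY, RSA/EC PRIVATE KEY, ENCRYPTED PRIVATE KEY).
pem_has_private_key() {
    grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# pem_certs_only FILE: print only the CERTIFICATE blocks, dropping private
# keys, bag attributes and any other text between blocks.
pem_certs_only() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { keep = 1 }
        keep                           { print }
        /^-----END CERTIFICATE-----/   { keep = 0 }
    ' "$1"
}

# prepare_fips_cert SRC DST: write a certificate-only copy of SRC to DST.
# Returns 0 if SRC was already clean, 10 if a private key block was dropped,
# 1 if SRC contains no certificate at all (DST is not written).
prepare_fips_cert() {
    src=$1; dst=$2
    grep -q '^-----BEGIN CERTIFICATE-----' "$src" || return 1
    (umask 077; pem_certs_only "$src" > "$dst")
    if pem_has_private_key "$src"; then return 10; fi
    return 0
}

# demo: run against a constructed PEM (placeholder base64, no real key).
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'U0FNUExF' \
        '-----END CERTIFICATE-----' > "$d/ServerCertName.pem"
    rc=0
    prepare_fips_cert "$d/ServerCertName.pem" "$d/cert-only.pem" || rc=$?
    echo "status=$rc"
    cat "$d/cert-only.pem"
    rm -rf "$d"
}
```

Source the file and call `demo` to see it run; a status of 10 means the original file carried a private key and should not be the one uploaded.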

Archived

This topic is now archived and is closed to further replies.
