Hello
Unable to Import Server key file in Manage Engine Mobile Device Manager Plus.(mdm)
Getting this error below.
i have created proxy server for mdm application. its working fine with SSL Certificate no issue at all.
But when its come to installing Certificate on Application Side getting this error belw
Encrypted Key File Uploaded. Decrypt it and upload again. R
From Centos9 Proxy Server. Copied Files.
But Still not able to install Key File
If you open the key file in a text editor it probably says -----BEGIN ENCRYPTED PRIVATE KEY----- at the top. You need to convert your key file to one that doesn't use a password.
How did you get your certificate (which ACME client?) and where did you get your file that you're using, did you convert it with openssl etc?
You could probably convert what you have (certificate full chain, plus key) into a PFX (p12 file) which is an archive that contains everything in one file.
SSLCertificateFile /etc/letsencrypt/live/mdm.XXX.com/fullchain.pem
** SSLCertificateKeyFile /etc/letsencrypt/live/mdm.XXX.com/privkey.pem**
** Include /etc/letsencrypt/options-ssl-apache.conf**
Yes converted key without password as well.
Using Openssl yes
openssl pkcs8 -topk8 -nocrypt -in /etc/letsencrypt/live/mdm.XXXX.com/privkey.pem -out /tmp/server.key
@webprofusion do you prefer any special cmd? Please advise
How to convert? you mean from Centos9 reverse proxy needs to be convert After copying files cert.pem and chain.pem and privkey.pem in to windows any tool to convert?
Please explain the step please
Ok if you have the key without the password then upload it (your /tmp/server.key file). The problem you were seeing was because the key had a password set.
Don't concern yourself with my PFX comment, that's too complicated and you don't need to do it.
Can you share me the cmd let me try that
**openssl pkcs8 -topk8 -nocrypt -in /etc/letsencrypt/live/mdm.XXXX.com/privkey.pem -out /tmp/server.key
Share me what is the exact cmd should i try?
What happens if you rename a copy of privkey.pem to server.key and upload it?
Not Working @linkp
Have you opened a dialog with ManageEngine support?
key is in different format which is not supported from ME MDM. we have generated the CSR file, which need to be signed by the vendor and you can upload it back in MDM. Also make sure to upload the server generated key in the attached screenshot.
You need to discuss this with ManageEngine support, you already have the certificate so the problem is with their product.
@webprofusion ManageEngine support said
My ManageEngine is installed in Windows11 VM. CSR is executed from Windows11
MDM Support is saying that. you need to issue the certificate with CSR to Certbot let's encrypt Certificate from reverse proxy server of linux VM.
Now my expectation from Let's Encrypt. How to issue the certificate with CSR.
Please provide me the Steps
As @webprofusion said, you have the Certificate already. You need ManageEngine to help you install it on their product. Tell them you have the Certificate but can not install it.
@jvanasco See my screen shot as i mentioned. which i tried to install Certificate. and Keyfile doesn't take. So manage engine has request. Please issue from lets' encrypt certificate application is installed in Linux Reverse proxy server with Server CSR of where Manage engine is installed in Windows11.
Now i want procedure for how to keep CSR file into my Linux reverse proxy to issue the certificate
As per Manage engineen support given steps below i am getting this error
Steps from Manage Engineen
After apply i am getting this error
Now MDM is saying its not a proper key from Let's encrypt kindly advise some to fix this
Did you specify RSA when you created created the key? Certbot keys have been ECC keys by default for many years now. If you need an RSA key, you must specify that in your command.
@linkp What is the exact command are you suggesting me. Can you please update the exact cmd. so this will be faster to close the session
