What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
300.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Does the PRTG Certificate Importer Support ECC Certificates?

Votes:

0

Your Vote:

Up

Down

I am using the PRTG Certificate Importer to import a new certificate and not having any luck. No matter how I concatenate the cert, the two intermediate authorities and the root CA, I get one sort of failure or another. This is an ECC certificate. Is it possible your importer does not support ECC certificates?

certificate-importer ecc-certificate ssl-certificate

Created on Jan 2, 2019 9:27:35 PM by  doug-fsu (0) 1



8 Replies

Votes:

0

Your Vote:

Up

Down

Could not get the Importer to accept my new ECC certificate but following the manual process was a breeze and worked just fine. Why all the emphasis on using the Importer? It does not impress or seem robust. Contrary to all your documentation, the manual process was simple to understand and execute, and I was finished in 15 minutes.

Created on Jan 3, 2019 3:25:11 PM by  doug-fsu (0) 1



Votes:

0

Your Vote:

Up

Down

Hi Doug,

thank you for your message. I'm glad to hear you made it work.

Since the PRTG Certificate Importer works for most certificates and customers, we primarily recommend its use. For the cases where the importer does not work, we usually recommend the manual way.


Kind regards,
Andreas Günther
Tech Support, Paessler AG

Created on Jan 7, 2019 1:28:07 PM by  Andreas Günther [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Andreas -

OK, but can you answer my original question, please. Does the importer not support ECC certificates? If this is the case, you should update your docs to let us know that ECC certificates must be installed manually. That little bit of information would save a good deal of time and frustration.

If the importer does support ECC certificates then it remains a mystery why I could not use the importer.

Doug

Created on Jan 7, 2019 1:51:16 PM by  doug-fsu (0) 1



Votes:

0

Your Vote:

Up

Down

Hi there,

There is no "ECC Certificate". ECC is used within the cryptography world and is used within the HTTP world (TLS/SSL connections). So it's basically a specific algorithm used for the secure key exchange:
https://tools.ietf.org/html/rfc4492

More about ECC:
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

So I am not sure what you exactly mean by "ECC Certificate"?

Best regards.

Created on Jan 9, 2019 11:04:03 AM by  Dariusz Gorka [Paessler Support]

Last change on Jan 9, 2019 11:04:50 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

An ECC Certificate is a certificate with a ECC-based private key, as opposed to an RSA-based private key. Further, it is signed by an authority with an ECC-based key, and uses the ECDSA.

Can you please escalate this question to someone in your organization who has knowledge of ECC Certificates and whether or not your importer supports them. It is beginning to look like it doesn't and you should update your docs to specify this.

https://www.digicert.com/ecc.htm https://www.namecheap.com/support/knowledgebase/article.aspx/9503/38/what-is-an-ecc-elliptic-curve-cryptography-certificate and a dozen other references if you just google "ECC Certificate".

Created on Jan 9, 2019 1:13:47 PM by  doug-fsu (0) 1



Votes:

0

Your Vote:

Up

Down

Hi there,

Welp, seems like we need to meet somewhere in the middle as we are both right - I just missed the part that you can surely use ECC for the private key of the certificate as well. My bad.

However is the certificate encrypted/secured via ECC? What error message did the certificate importer show you?

Best regards.

Created on Jan 9, 2019 1:27:09 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

This is getting pretty painful, just what such a forum should strive to avoid. I was trying to be a good community member by asking the question and suggesting an update to your docs might benefit other members. Since I assume you are in Germany, perhaps we have some sort of language barrier here. My question is a simple one if you would just escalate it to someone with the appropriate knowledge.

If you can get me an answer, great. But please don't bother replying with any more questions or cryptography lessons. If I don't receive an answer, I think I got my answer.

Created on Jan 9, 2019 1:38:06 PM by  doug-fsu (0) 1



Votes:

0

Your Vote:

Up

Down

Hi there,

I would gladly like to escalate this to change the docs, but we didn't got any information here. We also hadn't had any similar cases in the past where users weren't able to import their ECC certificates. This is why I need to check what actually happens when you try to import it. Afterwards we can surely react to it - change the Importer or the docs.
I am happy to test this, but we don't have any ECC test certificates here either.

If you are not happy with troubleshooting this, then fine, but I am afraid that then I can't escalate this due to the lack information.

Best regards.

Created on Jan 9, 2019 1:54:23 PM by  Dariusz Gorka [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.