Does the PRTG Certificate Importer Support ECC Certificates?

Could not get the Importer to accept my new ECC certificate but following the manual process was a breeze and worked just fine. Why all the emphasis on using the Importer? It does not impress or seem robust. Contrary to all your documentation, the manual process was simple to understand and execute, and I was finished in 15 minutes.

Hi Doug,

thank you for your message. I'm glad to hear you made it work.

Since the PRTG Certificate Importer works for most certificates and customers, we primarily recommend its use. For the cases where the importer does not work, we usually recommend the manual way.

Kind regards,
Andreas Günther
Tech Support, Paessler AG

Andreas -

OK, but can you answer my original question, please. Does the importer not support ECC certificates? If this is the case, you should update your docs to let us know that ECC certificates must be installed manually. That little bit of information would save a good deal of time and frustration.

If the importer does support ECC certificates then it remains a mystery why I could not use the importer.

Doug

Hi there,

There is no "ECC Certificate". ECC is used within the cryptography world and is used within the HTTP world (TLS/SSL connections). So it's basically a specific algorithm used for the secure key exchange:
https://tools.ietf.org/html/rfc4492

More about ECC:
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

So I am not sure what you exactly mean by "ECC Certificate"?

Best regards.

An ECC Certificate is a certificate with a ECC-based private key, as opposed to an RSA-based private key. Further, it is signed by an authority with an ECC-based key, and uses the ECDSA.

Can you please escalate this question to someone in your organization who has knowledge of ECC Certificates and whether or not your importer supports them. It is beginning to look like it doesn't and you should update your docs to specify this.

https://www.digicert.com/ecc.htm https://www.namecheap.com/support/knowledgebase/article.aspx/9503/38/what-is-an-ecc-elliptic-curve-cryptography-certificate and a dozen other references if you just google "ECC Certificate".

Hi there,

Welp, seems like we need to meet somewhere in the middle as we are both right - I just missed the part that you can surely use ECC for the private key of the certificate as well. My bad.

However is the certificate encrypted/secured via ECC? What error message did the certificate importer show you?

Best regards.

This is getting pretty painful, just what such a forum should strive to avoid. I was trying to be a good community member by asking the question and suggesting an update to your docs might benefit other members. Since I assume you are in Germany, perhaps we have some sort of language barrier here. My question is a simple one if you would just escalate it to someone with the appropriate knowledge.

If you can get me an answer, great. But please don't bother replying with any more questions or cryptography lessons. If I don't receive an answer, I think I got my answer.

Hi there,

I would gladly like to escalate this to change the docs, but we didn't got any information here. We also hadn't had any similar cases in the past where users weren't able to import their ECC certificates. This is why I need to check what actually happens when you try to import it. Afterwards we can surely react to it - change the Importer or the docs.
I am happy to test this, but we don't have any ECC test certificates here either.

If you are not happy with troubleshooting this, then fine, but I am afraid that then I can't escalate this due to the lack information.

Best regards.