Skip to main content

How do I generate a Certificate Signing Request (CSR) on a Cisco ACE appliance?

Question:

How do I generate a Certificate Signing Request (CSR) on a Cisco ACE appliance?

Answer:

To generate the CSR, complete the following steps:

1.    Generate an RSA key pair by using the crypto generate key <bitsize> <filename> command in Exec mode, where < bitsize> is the key pair security strength and < filename> is the name that you assign to the generated RSA key pair file. For example:

ACE-1/Admin# crypto generate key 2048 key.pem

Generating 2048 bit RSA key pair

2.    Create a CSR parameter set by using the crypto csr-params <csr_param_name> command in configuration mode, where <csr_param_name> is the name of the CSR parameter set. For example:

ACE-1/Admin(config)# crypto csr-params PARAMS_1

3.    After you create a CSR parameter set, the command line application enters CSR parameter configuration mode, where you define the distinguished name parameters. Define the parameters as appropriate for your domain and organization. For example:

ACE-1/Admin(config-csr-params)# common-name www.mydomain.com
ACE-1/Admin(config-csr-params)# country US
ACE-1/Admin(config-csr-params)# state TX
ACE-1/Admin(config-csr-params)# serial-number 001
ACE-1/Admin(config-csr-params)# locality Dallas
ACE-1/Admin(config-csr-params)# organization-name Entrust
ACE-1/Admin(config-csr-params)# organization-unit ECS

4. Display the CSR parameter set summary report. For example:

ACE-1/Admin# show crypto csr-params PARAMS_1

country-name: US

state: TX

locality: Dallas

org-name: Entrust

org-unit: ECS

common-name:    www.mydomain.com

serial-number:  001

5.    Generate a CSR file for the RSA key pair file using the crypto generate csr <csr_params> <key_filename> command in Exec mode of the context containing the RSA key pair file created in Step 1 above. For example:

 ACE-1/Admin# crypto generate csr PARAMS_1 key.pem
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBcDCCARoCAQAwgbQxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlTb21lU3RhdGUx
 ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG
 A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu
 YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv
 bSAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtBNcNXMBqh5cJHbWFsqe9LMUO90T
 pYG7gF5ODvtFGREMkHh7s6S1GF131IBWCSelG4Q/qEztjCO7y3pyjruVNQIDAQAB
 oAAwDQYJKoZIhvcNAQEEBQADQQCMmXRdNPBDtMQPFvylpED5UMbeaMRm2iaC+1uZ
 ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG
 A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu
 YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv
 IaHmdoX4h5eckauu9pPgSxczau8w68PF+PDS9DAAMeRDxisL
 -----END CERTIFICATE REQUEST-----