Question:
How do I generate a Certificate Signing Request (CSR) on a Cisco ACE appliance?
Answer:
To generate the CSR, complete the following steps:
1. Generate an RSA key pair by using the crypto generate key <bitsize> <filename> command in Exec mode, where < bitsize> is the key pair security strength and < filename> is the name that you assign to the generated RSA key pair file. For example:
ACE-1/Admin# crypto generate key 2048 key.pem
Generating 2048 bit RSA key pair
2. Create a CSR parameter set by using the crypto csr-params <csr_param_name> command in configuration mode, where <csr_param_name> is the name of the CSR parameter set. For example:
ACE-1/Admin(config)# crypto csr-params PARAMS_1
3. After you create a CSR parameter set, the command line application enters CSR parameter configuration mode, where you define the distinguished name parameters. Define the parameters as appropriate for your domain and organization. For example:
ACE-1/Admin(config-csr-params)# common-name www.mydomain.com ACE-1/Admin(config-csr-params)# country US ACE-1/Admin(config-csr-params)# state TX ACE-1/Admin(config-csr-params)# serial-number 001 ACE-1/Admin(config-csr-params)# locality Dallas ACE-1/Admin(config-csr-params)# organization-name Entrust ACE-1/Admin(config-csr-params)# organization-unit ECS
4. Display the CSR parameter set summary report. For example:
ACE-1/Admin# show crypto csr-params PARAMS_1
country-name: US
state: TX
locality: Dallas
org-name: Entrust
org-unit: ECS
common-name: www.mydomain.com
serial-number: 001
5. Generate a CSR file for the RSA key pair file using the crypto generate csr <csr_params> <key_filename> command in Exec mode of the context containing the RSA key pair file created in Step 1 above. For example:
ACE-1/Admin# crypto generate csr PARAMS_1 key.pem -----BEGIN CERTIFICATE REQUEST----- MIIBcDCCARoCAQAwgbQxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlTb21lU3RhdGUx ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv bSAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtBNcNXMBqh5cJHbWFsqe9LMUO90T pYG7gF5ODvtFGREMkHh7s6S1GF131IBWCSelG4Q/qEztjCO7y3pyjruVNQIDAQAB oAAwDQYJKoZIhvcNAQEEBQADQQCMmXRdNPBDtMQPFvylpED5UMbeaMRm2iaC+1uZ ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv IaHmdoX4h5eckauu9pPgSxczau8w68PF+PDS9DAAMeRDxisL -----END CERTIFICATE REQUEST-----