For Cisco SCA
This process is in three parts:
1) Creating your Private Key
2) Creating your Certificate Signing Request (CSR)
3) Installing your Certificate
Part 1 of 3: Creating your Private Key
Please issue the following commands to create your private key:
# config # ssl # key new_key create # genrsa bits 1024 encrypt des output entrust_key
You can specify up to 2048 as the bit length for the key. You must enter a password this key. Do not forget this password.
Please issue the following command to create your CSR:
# gencsr key entrust_key
This command uses entrust_key as the identifier for the key that was just generated. The CSR must correspond to a key that you have created. You will need to specify the following fields in your CSR:
Common name: Enter the domain that is to be secured on the certificate. This is usually a fully qualified domain name (e.g. mydomain.com).
Organization: Enter the legal business name of the organization.
Organizational Unit: Enter the your department name (e.g. IT).
City/Locality: The city in which your company is currently located.
State/Province: The state in which your company is currently located.
Country/Region: Select your country/Region.
First, you must install your webserver certificate. Copy your certificate from the browser and paste it into a text editor. Save it as a .crt file.
You can install your certificate by using the following command
# enable # configure # cert Entrust_cert create # pem-paste
Copy your certificate from the browser and paste it into the Cisco prompt. Your certificate has been stored as Entrust_Cert.
You must now install the Entrust Root Certificate. Please verify which root certificate you need. You can obtain the root here:
Simply copy and paste the root certificate into a text editor and save it as a entrustroot.crt
# ssl # cert EntrustRoot create # pem entrustroot.crt
Next, you will need to install the Entrust Intermediate Certificate (Cross Certificate)
Copy the Cross Certificate from the browser and save it as entrustInt.crt. Use the following command to store this certificate:
# ssl # cert EntrustInt create # pem entrustInt.crt
# certgroup CACertGroup create # cert EntrustInt
# cert EntrustRoot # end
You must now create a logical server:
# server server1 create # ip address 10.1.2.4 # localport 443 # remoteport 81 # secpolicy myPol # certgroup chain CACertGroup # cert new_cert # key new_key # finished # write flash
The certificate is now installed.
Hours of Operation:
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088