Question:
How do I generate a Certificate Signing Request (CSR) on a Cisco ACE appliance?
Answer:
To generate the CSR, complete the following steps:
1. Generate an RSA key pair by using the crypto generate key <bitsize> <filename> command in Exec mode, where < bitsize> is the key pair security strength and < filename> is the name that you assign to the generated RSA key pair file. 例如:
ACE-1/Admin# crypto generate key 2048 key.pem
Generating 2048 bit RSA key pair
2. Create a CSR parameter set by using the crypto csr-params <csr_param_name> command in configuration mode, where <csr_param_name> is the name of the CSR parameter set. 例如:
ACE-1/Admin(config)# crypto csr-params PARAMS_1
3. After you create a CSR parameter set, the command line application enters CSR parameter configuration mode, where you define the distinguished name parameters. Define the parameters as appropriate for your domain and organization. 例如:
ACE-1/Admin(config-csr-params)# common-name www.mydomain.com ACE-1/Admin(config-csr-params)# country US ACE-1/Admin(config-csr-params)# state TX ACE-1/Admin(config-csr-params)# serial-number 001 ACE-1/Admin(config-csr-params)# locality Dallas ACE-1/Admin(config-csr-params)# organization-name Entrust ACE-1/Admin(config-csr-params)# organization-unit ECS
4. Display the CSR parameter set summary report. 例如:
ACE-1/Admin# show crypto csr-params PARAMS_1
country-name: US
state: TX
locality: Dallas
org-name: Entrust | 先进的数据及信息安全系统,确保信息的安全
org-unit: ECS
common-name: www.mydomain.com
serial-number: 001
5. Generate a CSR file for the RSA key pair file using the crypto generate csr <csr_params> <key_filename> command in Exec mode of the context containing the RSA key pair file created in Step 1 above. 例如:
ACE-1/Admin# crypto generate csr PARAMS_1 key.pem -----BEGIN CERTIFICATE REQUEST----- MIIBcDCCARoCAQAwgbQxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlTb21lU3RhdGUx ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv bSAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtBNcNXMBqh5cJHbWFsqe9LMUO90T pYG7gF5ODvtFGREMkHh7s6S1GF131IBWCSelG4Q/qEztjCO7y3pyjruVNQIDAQAB oAAwDQYJKoZIhvcNAQEEBQADQQCMmXRdNPBDtMQPFvylpED5UMbeaMRm2iaC+1uZ ETAPBgNVBAcTCFNvbWVDaXR5MRcwFQYDVQQKEw5BIENvbXBhbnkgTmFtZTEbMBkG A1UECxMSV2ViIEFkbWluaXN0cmF0aW9uMR0wGwYDVQQDExR3d3cuYWNvbXBhbnlu YW1lLmNvbTEpMCcGCSqGSIb3DQEJARYad2ViYWRtaW5AYWNvbXBhbnluYW1lLmNv IaHmdoX4h5eckauu9pPgSxczau8w68PF+PDS9DAAMeRDxisL -----END CERTIFICATE REQUEST-----