How to Generate Certificate Signing Request (CSR) in Cisco ACS 4.2
This document provides instructions for generating a Certificate Signing Request (CSR) for Cisco ACS 5.0. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Cisco.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
NOTE: All certificates that will expire after October 2013 must have a 2048-bit key size.
To generate a Certificate Signing Request (CSR), please perform the following steps:
1. In the navigation bar, click System Configuration
2. Click ACS Certificate Setup. Then click Generate Certificate Signing Request
3. Cisco Secure ACS displays the Generate Certificate Signing Request page.
4. In the Certificate Subject box, type the values for the certificate fields required by RapidSSL.
The format is:
(where field is the field name such as CN, and value is the applicable value for that field.)
You can type a maximum of 256 characters in the Certificate Subject box, separate values with commas.
CN=www.domain.com, O=Organization Name Inc., OU=Department, C=US, S=State, L=Locality
The following information defines the valid fields that you can include in the "Certificate Subject" box:
CN= Common Name (name that you want to secure for your certificate)
OU= Organizational Unit Name (department or unit using the certificate.
Example: IT department, sales)
O= Organization Name (The fully qualified name of your company)
L= Locality Name (This is the city your business is in)
S= State/Province Name (The state/Province must be spelled out in full. No abbreviations)
C= Country Name (Two letter country code)
E= Email address (This is not needed for our system to generate a certificate, and will be ignored)
5. In the Private Key File box, type the full directory path and name of the file in which the private key is saved. For example: c:\privatekeyfile.pem
6. In the private key password box, create a private key password for your private key.
NOTE: Make sure to save your private key password. You will need to use this password again.
If you loose your password, you will not have access to your private key and the certificate will not install when received.
7. In the Retype Private Key Password box, retype the private key password.
8. From the Key Length list, select the 2048 bit length of the key to be used.
9. From the Digest to Sign With List, select the digest (or hash algorithm). Use the default: SHA1.
10. Click Submit.
11. Cisco Secure ACS displays a CSR on the right side of the browser.
12. To copy and paste the information into the enrollment form, open the file with a Notepad as it does not add extra characters.
13. During certificate enrollment, you will be asked to select a server platform.
For additional information and steps on Cisco ACS products, please check the Cisco website.
WarungSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, WarungSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. WarungSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.
Further, WarungSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.