Manually generate a CSR on PIX Running V6 Software

Unanswered Question
Jul 3rd, 2008

Hello All.

I need to create a site to site VPN tunnel using Verisign SSL certificates instead of a pre-shared key.

The V6 software on the PIX only has configuration instructions to configure it to use SCEP (Simple Certification Enrollment Process). However, Verisign have stated that they no longer support SCEP and that you must manually generate a CSR on the device and copy and paste the result onto their web page when purchasing the certificate.

The question is:

Can you manually generate a CSR on a PIX firewall running V6 software?

It seems possible to do this using V7 Software, however I am using a PIX506E which cannot be upgraded to V7.


If anyone can let me know the answer to my question, that would be most appreciated.


Thanks in advance

Chris

hadbou Wed, 07/09/2008 - 13:43

A certificate signing request (CSR) is required in order for the third party CA to issue an identity certificate. The CSR contains your ASA's distinguished name (DN) string along with the ASA's generated public key. The ASA uses the generated private key to digitally sign the CSR.


Refer to the following URL for more info on generating RSA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#step2
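
The CSR structure described in the reply above (DN, public key, signature made with the private key), shown as an added example that is not part of the original thread and is not PIX or ASA configuration. It assumes the OpenSSL command-line tool on a workstation; the DN, file names and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: look inside a PKCS#10 CSR.
# The DN, key and file names are constructed sample values.

# Create a throwaway 2048-bit RSA key and a CSR signed with it.
make_csr() {  # $1 = output directory
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/device.key" -out "$1/device.csr" \
    -subj "/C=US/O=Example Corp/CN=vpn-gw.example.com" 2>/dev/null
}

# Print the subject DN embedded in the request.
csr_subject() { openssl req -in "$1" -noout -subject; }

# Succeeds when the CSR's public key belongs to the given private key.
csr_matches_key() {  # $1 = CSR, $2 = private key
  [ "$(openssl req -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds when the self-signature verifies against the embedded key.
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Write a copy of the CSR with one character of the DN changed. The
# replacement has the same length, so the DER structure stays valid and
# only the signature check can notice the change.
tamper_subject() {  # $1 = CSR in, $2 = CSR out
  openssl req -in "$1" -outform DER |
    LC_ALL=C sed 's/Example Corp/Examp1e Corp/' |
    openssl req -inform DER -out "$2"
}

dir=$(mktemp -d)
make_csr "$dir"
csr_subject "$dir/device.csr"
csr_matches_key "$dir/device.csr" "$dir/device.key" && echo "public key matches private key"
csr_signature_ok "$dir/device.csr" && echo "self-signature verifies"
tamper_subject "$dir/device.csr" "$dir/tampered.csr"
csr_signature_ok "$dir/tampered.csr" || echo "altered DN rejected by signature check"
rm -rf "$dir"
```

The signature check is what lets a CA confirm that the requester holds the private key and that the DN was not changed after signing.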
