Generate Certificate Signing Request ACS SE4.2

Unanswered Question
Aug 1st, 2009

When I try to generate certicate signing request in ACS SE 4.2 I don't know what is Certificate Subject

CN=

Private Key file ?

Private Key Password ?

What should I write in the part CN?, and the private key file and password key is either name?

Please could you tell me in this items, beacuse i want to install my certificate in the ACE SE

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lucien Avramov Sat, 08/01/2009 - 13:44

CN is the common name of the device. Usually people type the name of the device as a CN.

ivan.martin Sat, 08/01/2009 - 20:31

Dear lavramov:

I know that, in the case of ACS software for windows, the common name is the name of the machine where is installed the software ACS, in this case if the name of the machine is PC, then the common name is:

CN= PC.domain.com

But in my case, the ACS is appliance Solution Engine, by your advice

I have to put the common name like the hostname of the ACS SE when I set this initial parameter the first time?

ACS Appliance name is set to xxx.

And what is the private key and password of the private key? What should i put in this items

Thanks

Robert.N.Barrett_2 Tue, 08/04/2009 - 07:18

Ivan,

Your ACS SE needs to have a Fully Qualified Domain Name. Even though it is an appliance, it is really a computer. That FQDN is what you use for CN. Also, that FQDN should be something that resolves in DNS. This is all a part of how your 802.1x clients figure out if they trust your ACS SE's certificate (the CN and DNS should resolve/match).

The private key/password is anything you care to use. When you have the CSR signed by your CA (when you submit to CSR to whoever is generating your certs), you then install the signed certificate (which contains the ACS SE's public key) onto the ACS SE box. During this install of the cert, you will be asked to provide the name and password of the private key (however, the name and password is usually pre-populated for you). The certificate/public key is then uploaded and combined with the private key to produce a complete certificate for the ACS SE.

Be sure to also install the CA's certificate (System Configuration -> ACS Certification Authority Setup) so that your ACS SE appliance shows a "trusted chain" for the certificate (the certificate itself, along with the public portion of the CA's certificate)

Actions

This Discussion