
How to generate a CSR on Cisco ACE blade

cricketbuff

Does anyone have procedures to create a CSR on the Cisco ACE module?

Thanks


sachinga.hcl

Hi Cricketbuff,

The following steps are needed to configure SSL termination on the Cisco ACE:

1. Generate or import the key.

The syntax to generate the key on the Cisco ACE follows:

crypto generate key 1024

Example: crypto generate key 1024 testkey

The syntax to import the key to the Cisco ACE follows:

crypto import [non-exportable] [ ftp | sftp | tftp | terminal] [passphrase:passphrase] [ipaddr] [username] [password] [remote_filename] [local_filename]

2. Then generate the certificate signing request (CSR).

The CSR can either be generated externally or on the Cisco ACE.

The following are sample steps that show how to generate CSR on the Cisco ACE:

Configure CSR parameters on the Cisco ACE:

crypto csr-params test123
  country US
  state CA
  organization-unit IT
  common-name aceapp.ccc.com
  serial-number 1000
  email user@ccc.com

3. Generate CSR using key and CSR parameters:

crypto generate csr test123 testkey

3. Now transfer the CSR request to the Certificate Authority (CA) for signing.

4. Load the CA signed certificate on the Cisco ACE

The syntax to import the certificate to the Cisco ACE follows:

crypto import [non-exportable] [ ftp | sftp | tftp | terminal] [passphrase:passphrase] [ipaddr] [username] [password] [remote_filename] [local_filename]

5. If needed, chain the certificates using a chain group:

The chain consists of the certificates in the chain group, plus the configured certificate.

crypto chaingroup CCCSSLCA-group
  cert CCCSSLCA.PEM
  cert DSTROOTCA.PEM
  cert ACEAPP-CERT.PEM

6. Configure the SSL parameter map, which is used to define parameters for SSL connections:

parameter-map type ssl PARAMMAP_SSL
  cipher RSA_WITH_AES_128_CBC_SHA priority 2

7. Configure SSL proxy service:

ssl-proxy service PSERVICE_SERVER
  key ACEKEY.PEM
  cert ACEIDM-CERT.PEM
  chaingroup CISCOSSLCA-group
  ssl advanced-options PARAMMAP_SSL

Note: When you are creating a certificate signing request (CSR) at the ACE CLI using the csr-generate command, you cannot use the space character in the State value. Workaround: Use the state abbreviation.

As in the example here, California is given by its abbreviation, CA. So use similar forms for states: only one word, without a space.

Kindly find the URLs mentioned below for your further information:

1. http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_Routed_Mode_Configuration_Example

2. http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_One_Arm_Mode_Configuration_Example

3. http://cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/ssl/guide/certkeys.html

4. Command line: CSR Parameters Configuration Mode Commands
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/command/reference/csrparam.html

Kindly rate if you find this useful.

Sachin Garg
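
A pre-flight check for the key and CSR commands in the post above, as an added example that is not part of the original post or any Cisco tooling: it parses staged ACE CLI text and flags a State value containing a space (the restriction noted in the post), a missing common-name, a country that is not two letters, and a key below a size floor. The function names, the constructed sample and the 2048-bit floor are assumptions of this example.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy floor for this example, not an ACE limit

# Constructed sample in the style of the post's commands (not device output).
SAMPLE = """\
crypto generate key 1024 testkey
crypto csr-params test123
  country US
  state New York
  organization-unit IT
  common-name aceapp.ccc.com
crypto generate csr test123 testkey
"""

def check_params(name, attrs):
    """Findings for one csr-params set (attrs is None if it was never defined)."""
    if attrs is None:
        return [f"{name}: csr-params set is not defined"]
    out = []
    if " " in attrs.get("state", ""):
        out.append(f"{name}: state '{attrs['state']}' contains a space")
    if not re.fullmatch(r"[A-Za-z]{2}", attrs.get("country", "")):
        out.append(f"{name}: country is not a two-letter code")
    if not attrs.get("common-name"):
        out.append(f"{name}: common-name is not set")
    return out

def lint_csr_config(text):
    """Parse key, csr-params and generate-csr lines; return findings in order."""
    keys, params, findings, current = {}, {}, [], None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := re.fullmatch(r"crypto generate key (?:non-exportable )?(\d+) (\S+)", line):
            keys[m[2]], current = int(m[1]), None
        elif m := re.fullmatch(r"crypto csr-params (\S+)", line):
            current = params.setdefault(m[1], {})
        elif m := re.fullmatch(r"crypto generate csr (\S+) (\S+)", line):
            current, kname = None, m[2]
            findings += check_params(m[1], params.get(m[1]))
            if kname not in keys:
                findings.append(f"{kname}: key is not generated in this text")
            elif keys[kname] < MIN_RSA_BITS:
                findings.append(f"{kname}: {keys[kname]}-bit key is below {MIN_RSA_BITS}")
        elif current is not None and not line.startswith("crypto "):
            attr, _, value = line.partition(" ")  # e.g. "state New York"
            current[attr] = value.strip()
        else:
            current = None  # any other command ends the csr-params block
    return findings
```

Calling `lint_csr_config(SAMPLE)` returns one finding for the State value and one for the key size; an empty list means the staged commands passed these checks.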

dkirsch

I'll answer this in two ways: first manually and second via Application Networking Manager.

(1) Manual method defined/described here: http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/ssl/guide/certkeys.html#wp1008264

This is the ACE Module SSL Configuration Guide, Managing Certificates and Keys, Generating a Certificate Signing Request.

(2) ANM method defined/described here:

http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/application_networking_manager/2.2/user/guide/ug_ssl.html#wp1054987

This is the ANM User Guide, Configuring SSL, Generating CSRs.

Cheers,

David K.
