I have generated a CSR from the ACS 5.1 and have submitted it to the CA(Verisign) to get it signed. The CA returned an error "Errror 9506 - Missing Organization" with a detail message stating the CSR does not contain an organisation. I followed the Cisco User Guide ACS 5.1 to generate a CSR and the only inputs allowed is CN and keylength.
I have decoded the CSR and only see the CN and key length but not other details.
Where can I input other details such as Organization, OU, Locality etc in ACS 5.1? Or was is the workaround to get the certificate signed by the CA?
If the CA insists in having an organizational name attribute in the CSR, you could create the CSR and private key on another system, submit the CSR to the CA for signature, then import the signed certificate and private key into ACS (first option when you click on "Add" in the System Administration -> Local Server Certificates -> Local Certificates screen.
To generate a CSR in a Unix system, for example, you could use the following commands:
openssl genrsa -out mykey.pem 1024 (or use 2048 if needed)
openssel req -new -key mykey.pem -out mycsr.pem
Answer the prompts as needed, then send the fyle "mycsr.pem" to the CA for signature. When you get it back signed, import it and the private key into ACS.