cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1324
Views
0
Helpful
2
Replies

Missing details from ACS 5.1 CSR

nomadicwifi
Level 1
Level 1

I have generated a CSR from the ACS 5.1 and have submitted it to the CA(Verisign) to get it signed. The CA returned an error "Errror 9506 - Missing Organization" with a detail message stating the CSR does not contain an organisation. I followed the Cisco User Guide ACS 5.1 to generate a CSR and the only inputs allowed is CN and keylength.

I have decoded the CSR and only see the CN and key length but not other details.

Where can I input other details such as Organization, OU, Locality etc in ACS 5.1? Or was is the workaround to get the certificate signed by the CA?

1 Accepted Solution

Accepted Solutions

If the CA insists in having an organizational name attribute in the CSR, you could create the CSR and private key on another system, submit the CSR to the CA for signature, then import the signed certificate and private key into ACS (first option when you click on "Add" in the System Administration -> Local Server Certificates -> Local Certificates screen.

To generate a CSR in a Unix system, for example, you could use the following commands:

openssl genrsa -out mykey.pem 1024 (or use 2048 if needed)

openssel req -new -key mykey.pem -out mycsr.pem


Answer the prompts as needed, then send the fyle "mycsr.pem" to the CA for signature. When you get it back signed, import it and the private key into ACS.

View solution in original post

2 Replies 2

If the CA insists in having an organizational name attribute in the CSR, you could create the CSR and private key on another system, submit the CSR to the CA for signature, then import the signed certificate and private key into ACS (first option when you click on "Add" in the System Administration -> Local Server Certificates -> Local Certificates screen.

To generate a CSR in a Unix system, for example, you could use the following commands:

openssl genrsa -out mykey.pem 1024 (or use 2048 if needed)

openssel req -new -key mykey.pem -out mycsr.pem


Answer the prompts as needed, then send the fyle "mycsr.pem" to the CA for signature. When you get it back signed, import it and the private key into ACS.

Thanks for your reply Javier.

I found out the solution to enter those details directly into ACS 5.1. Under 'Certificate Subject' the default value is 'CN=' making me think that CN was the only acceptable information. I found out I can enter other information by adding a comma.

Eg. In Certificate Subject: CN=acsprimary.internal,O=Cisco,OU=IT,L=NSW,A=AU

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: