09-17-2010 01:57 AM - edited 03-10-2019 05:25 PM
Hello
I am doing a dot1x solution with web auth on cisco 3750 switches.
Once the wired client get put into web auth state (after dot1x and mab) and goes to a website, he gets a certificate warning. This is because the certificate of the cisco switch is selfsigned.
I want to use a verisign certificate to solve this error, but I cannot find a way to generate a CSR on a switch. I only found a guide how to request a certificate from a CA on the local network, but this is also not a solution, because the clients using the web auth, will not know the internal CA.
Is there any way to solve this?
Greetings
Steven
Solved! Go to Solution.
09-20-2010 07:27 AM
Hi Steven,
The below document is actually for IOS SSLVPN, but the certificate portion should be the same:
Search for "Appendix B" and it goes into creating a trustpoint and then one section is for self-signed and another is for generating a certificate request to send to an external CA.
Once a trustpoint is created the command to actually generate the CSR is "crypto pki enroll
This document goes into a little more detail on all the indivual commands and what they do:
Also you could use something external to the switch like OpenSSL to generate the CSR/private key and then use that to request a cert from your Verisign CA and then import the cert/keypair into the IOS device.
Thanks,
Nate
09-20-2010 07:27 AM
Hi Steven,
The below document is actually for IOS SSLVPN, but the certificate portion should be the same:
Search for "Appendix B" and it goes into creating a trustpoint and then one section is for self-signed and another is for generating a certificate request to send to an external CA.
Once a trustpoint is created the command to actually generate the CSR is "crypto pki enroll
This document goes into a little more detail on all the indivual commands and what they do:
Also you could use something external to the switch like OpenSSL to generate the CSR/private key and then use that to request a cert from your Verisign CA and then import the cert/keypair into the IOS device.
Thanks,
Nate
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: