Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Generate Certificate Signing Request ACS SE4.2

When I try to generate certicate signing request in ACS SE 4.2 I don't know what is Certificate Subject

CN=

Private Key file ?

Private Key Password ?

What should I write in the part CN?, and the private key file and password key is either name?

Please could you tell me in this items, beacuse i want to install my certificate in the ACE SE

Thanks

  • AAA Identity and NAC
3 REPLIES

Re: Generate Certificate Signing Request ACS SE4.2

CN is the common name of the device. Usually people type the name of the device as a CN.

New Member

Re: Generate Certificate Signing Request ACS SE4.2

Dear lavramov:

I know that, in the case of ACS software for windows, the common name is the name of the machine where is installed the software ACS, in this case if the name of the machine is PC, then the common name is:

CN= PC.domain.com

But in my case, the ACS is appliance Solution Engine, by your advice

I have to put the common name like the hostname of the ACS SE when I set this initial parameter the first time?

ACS Appliance name is set to xxx.

And what is the private key and password of the private key? What should i put in this items

Thanks

Re: Generate Certificate Signing Request ACS SE4.2

Ivan,

Your ACS SE needs to have a Fully Qualified Domain Name. Even though it is an appliance, it is really a computer. That FQDN is what you use for CN. Also, that FQDN should be something that resolves in DNS. This is all a part of how your 802.1x clients figure out if they trust your ACS SE's certificate (the CN and DNS should resolve/match).

The private key/password is anything you care to use. When you have the CSR signed by your CA (when you submit to CSR to whoever is generating your certs), you then install the signed certificate (which contains the ACS SE's public key) onto the ACS SE box. During this install of the cert, you will be asked to provide the name and password of the private key (however, the name and password is usually pre-populated for you). The certificate/public key is then uploaded and combined with the private key to produce a complete certificate for the ACS SE.

Be sure to also install the CA's certificate (System Configuration -> ACS Certification Authority Setup) so that your ACS SE appliance shows a "trusted chain" for the certificate (the certificate itself, along with the public portion of the CA's certificate)

766
Views
0
Helpful
3
Replies
This widget could not be displayed.