Cisco Support Community
New Member

Missing details from ACS 5.1 CSR

I have generated a CSR from the ACS 5.1 and have submitted it to the CA (Verisign) to get it signed. The CA returned an error "Errror 9506 - Missing Organization" with a detail message stating the CSR does not contain an organisation. I followed the Cisco User Guide ACS 5.1 to generate a CSR and the only inputs allowed are CN and key length.

I have decoded the CSR and only see the CN and key length but not other details.

Where can I input other details such as Organization, OU, Locality etc. in ACS 5.1? Or what is the workaround to get the certificate signed by the CA?

Accepted Solutions
Cisco Employee

Re: Missing details from ACS 5.1 CSR

If the CA insists on having an organizational name attribute in the CSR, you could create the CSR and private key on another system, submit the CSR to the CA for signature, then import the signed certificate and private key into ACS (first option when you click on "Add" in the System Administration -> Local Server Certificates -> Local Certificates screen).

To generate a CSR in a Unix system, for example, you could use the following commands:

openssl genrsa -out mykey.pem 1024    # or use 2048 if needed

openssl req -new -key mykey.pem -out mycsr.pem


Answer the prompts as needed, then send the file "mycsr.pem" to the CA for signature. When you get it back signed, import it and the private key into ACS.
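Added example, not part of the original replies: the same openssl workflow run non-interactively, followed by a local check that the CSR's self-signature verifies and that the subject carries the attributes the CA asks for, so a "Missing Organization" rejection is caught before submission. The function names, the constructed subject values and the default required-field list (commonName, organizationName) are assumptions; the 2048-bit default is the larger size the reply mentions.

```shell
#!/bin/sh
# Added example. Function names and subject values are constructed for
# illustration and are not taken from ACS or from the original thread.

# make_csr KEYFILE CSRFILE SUBJECT [BITS]
# SUBJECT uses openssl's -subj form: /CN=host/O=Org/OU=Unit/L=City/ST=State/C=XX
make_csr() {
    key=$1; csr=$2; subj=$3; bits=${4:-2048}
    # The key is created off-box and later imported into ACS, so keep it
    # readable by its owner only while it sits on this system.
    ( umask 077 && openssl genrsa -out "$key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -key "$key" -subj "$subj" -out "$csr" || return 1
}

# csr_subject CSRFILE
# Prints one "longName=value" line per subject attribute.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -e '1d' -e 's/^ *//' -e 's/ *= */=/'
}

# check_csr CSRFILE [FIELD...]
# Returns 0 only if the self-signature verifies and every FIELD is present
# with a non-empty value. Default FIELD list is an assumption.
check_csr() {
    csr=$1; shift
    [ $# -gt 0 ] || set -- commonName organizationName
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "$csr: self-signature does not verify" >&2; return 1; }
    subject=$(csr_subject "$csr"); rc=0
    for field in "$@"; do
        printf '%s\n' "$subject" | grep -q "^$field=..*" ||
            { echo "$csr: missing $field" >&2; rc=1; }
    done
    return $rc
}

# Typical use (constructed values):
#   make_csr mykey.pem mycsr.pem "/CN=acsprimary.internal/O=Example Org/OU=IT/L=Sydney/ST=NSW/C=AU"
#   check_csr mycsr.pem && echo "ready to submit"
```

The same check can be pointed at a CSR exported from ACS to confirm what the Certificate Subject field actually produced.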

2 REPLIES
New Member

Re: Missing details from ACS 5.1 CSR

Thanks for your reply Javier.

I found out the solution to enter those details directly into ACS 5.1. Under 'Certificate Subject' the default value is 'CN=' making me think that CN was the only acceptable information. I found out I can enter other information by adding a comma.

Eg. In Certificate Subject: CN=acsprimary.internal,O=Cisco,OU=IT,L=NSW,A=AU
