Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

gencsr question on css11506

I have a ssl module just installed. and tried to configure ssl termination.

followed the quick start, after generate a rsa key and associated the key into a file, I have run ssl gencsr.

the next step is to send the output to a CA. I have tried to find anything for A CA, and found that all of them need a charge.

question:

1. on gencsr command, there is a question about domain. if I give myhost.mydomain.au, then the CA will be only used by myhost, is it right? so, if I give only mydomain.au the all the hosts in my domain can use the CA, am I wrong?

2. my client will be oracle users. do I need give different oracle database/application a different CA?

3. can I create CA myself since the ssl only used inside my company, internally.

Any comments will be apprecated

Thanks in advance

2 REPLIES
Cisco Employee

Re: gencsr question on css11506

Not sure about the domain name, but I think that the name you specify there must match the name that the clients use to connect.

You can create a fully self signed certificate, which is fine is all your users are internal.

Have a look at this document for details:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/sslgd/certkeys.htm#wp999000

Cisco Employee

Re: gencsr question on css11506

1. you can get a multiple hosts certificate. The cost is more expensive so.

You'll have to check with the CA what they offer.

2. The certificate itself has no restriction/limitation. The problem would come from the application. If the application uses the name contained in the certificate to differentiate platforms or applications or ... you can't reuse the same certificate.

3. you can create your own CA.

Simply use the 'openssl' tool to self signed your own certificate.

It's heavily documented on the web.

Regards,

Gilles.

Thanks for rathing this answer.

166
Views
0
Helpful
2
Replies
CreatePlease login to create content