Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

gencsr question on css11506

I have a ssl module just installed. and tried to configure ssl termination.

followed the quick start, after generate a rsa key and associated the key into a file, I have run ssl gencsr.

the next step is to send the output to a CA. I have tried to find anything for A CA, and found that all of them need a charge.


1. on gencsr command, there is a question about domain. if I give, then the CA will be only used by myhost, is it right? so, if I give only the all the hosts in my domain can use the CA, am I wrong?

2. my client will be oracle users. do I need give different oracle database/application a different CA?

3. can I create CA myself since the ssl only used inside my company, internally.

Any comments will be apprecated

Thanks in advance

Cisco Employee

Re: gencsr question on css11506

Not sure about the domain name, but I think that the name you specify there must match the name that the clients use to connect.

You can create a fully self signed certificate, which is fine is all your users are internal.

Have a look at this document for details:

Cisco Employee

Re: gencsr question on css11506

1. you can get a multiple hosts certificate. The cost is more expensive so.

You'll have to check with the CA what they offer.

2. The certificate itself has no restriction/limitation. The problem would come from the application. If the application uses the name contained in the certificate to differentiate platforms or applications or ... you can't reuse the same certificate.

3. you can create your own CA.

Simply use the 'openssl' tool to self signed your own certificate.

It's heavily documented on the web.



Thanks for rathing this answer.

CreatePlease login to create content