
Manage Certificates on the RV34x Series Router

Objective

A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows relying parties to depend on signatures or assertions made with the private key that corresponds to the certified public key. A router can generate a self-signed certificate, which is a certificate created by a network administrator. It can also send requests to a Certificate Authority (CA) to apply for a digital identity certificate. It is important to have legitimate certificates from third-party applications.

The objective of this article is to show you how to create and manage certificates on the RV34x Series Router.

Applicable Devices

  • RV34x Series

Software Version

  • 1.0.01.16

Manage Certificates on the Router

Generate CSR/Certificate

Step 1. Log in to the web-based utility of the router and choose Administration > Certificate.

Step 2. Click Generate CSR/Certificate. You will be brought to the Generate CSR/Certificate page.

Step 3. Choose the appropriate certificate type from the Type drop-down list. The options are:

  • Self-Signing Certificate — This is a Secure Socket Layer (SSL) certificate which is signed by its own creator. This certificate is less trusted, as it cannot be cancelled if the private key is compromised somehow by an attacker.
  • Certified Signing Request — This is a Public Key Infrastructure (PKI) request that is sent to the certificate authority to apply for a digital identity certificate. It is more secure than a self-signed certificate, as the private key is kept secret.

Note: In this example, Self-Signing Certificate is used.

Step 4. Enter a name for your certificate in the Certificate Name field to identify the request. This field cannot be blank and cannot contain spaces or special characters.

Note: For this example, SSLCert is used.

Step 5. (Optional) Under the Subject Alternative Name area, click a radio button. The options are:

  • IP Address — Enter an Internet Protocol (IP) address
  • FQDN — Enter a Fully Qualified Domain Name (FQDN)
  • Email — Enter an email address

Note: For this example, FQDN is chosen.

Step 6. In the Subject Alternative Name field, enter the FQDN.

Note: In this example, spprtfrms is used.

Step 7. Choose a country name in which your organization is legally registered from the Country Name drop-down list.

Note: For this example, US was chosen.

Step 8. Enter a name or abbreviation of the state, province, region, or territory where your organization is located in the State or Province Name(ST) field.

Note: For this example, NY is used.

Step 9. Enter a name of the locality or city in which your organization is registered or located in the Locality Name field.

Note: For this example, Queens is used.

Step 10. Enter a name under which your business is legally registered. If you are enrolling as a small business or sole proprietor, enter the name of the certificate requester in the Organization Name field. Special characters cannot be used.

Note: For this example, Ponderlust Systems Inc is used.

Step 11. Enter a name in the Organization Unit Name field to differentiate between divisions within an organization.

Note: For this example, I Rand Biz is used.

Step 12. Enter a name in the Common Name field. This name must be the fully qualified domain name of the website for which you use the certificate.

Note: For this example, ponderlustsystemsinc.com is used.

Step 13. Enter the Email Address of the person who wants to generate the certificate.

Note: For this example, spprtfrms@ponderlust.com is used.

Step 14. From the Key Encryption Length drop-down list, choose a key length. The options are 512, 1024, and 2048. The greater the key length, the more secure the certificate.

Note: For this example, 2048 is used.

Step 15. In the Valid Duration field, enter the number of days the certificate will be valid. The default is 360.

Note: For this example, 365 is used. If you chose Certified Signing Request in Step 2, skip to Step 16.

Step 16. Click Generate.

Step 17. (Optional) To generate another certificate, repeat Steps 2-16.

Note: The generated certificate should now appear in the Certificate Table.

You should now have successfully created a certificate on the RV34x Series Router.

Export a Certificate

Step 1. In the Certificate Table, check the check box of the certificate you want to export.

Note: For this example, Default is chosen. Default cannot be deleted or imported.

Step 2. Click on Export.

Step 3. Click a format to export the certificate. The options are:

  • PKCS #12 — Public Key Cryptography Standards (PKCS) #12 is an exported certificate format that uses a .p12 extension. A password is required to encrypt the file, which protects it as it is exported, imported, and deleted.
  • PEM — Privacy Enhanced Mail (PEM) is often used for web servers because it can be easily translated into readable data with a simple text editor such as Notepad.

Note: For this example, PKCS #12 is used. If you chose PEM, skip to Step 7.

Step 4. Enter a password to secure the file to be exported in the Enter Password field.

Step 5. Re-enter the password in the Confirm Password field.

Step 6. In the Select Destination area, PC has been chosen and is the only option currently available.

Step 7. Click Download.

Note: A message indicating the success of the download will appear below the Download button. A file will begin to download in your browser.

You should now have successfully exported a certificate on the RV34x Series Router.
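
Once a certificate has been exported as PEM, the values chosen on the Generate CSR/Certificate page (key length, Subject Alternative Name, valid duration) can be checked on the administrator's workstation. The script below is an added example, not part of the original article or Cisco's tooling; it assumes OpenSSL 1.1.1 or later, its function names are illustrative, and the sample certificate is constructed locally from the article's example values to stand in for a real export.

```shell
#!/usr/bin/env bash
# Added example: audit a PEM certificate exported from the router.
# The sample certificate is constructed locally from the article's example
# values; for a real export, pass the downloaded .pem file to the functions.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
sample="$workdir/SSLCert.pem"

# Constructed stand-in: self-signed, RSA 2048, 365 days, FQDN SAN "spprtfrms".
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$workdir/SSLCert.key" -out "$sample" \
    -subj "/C=US/ST=NY/L=Queens/O=Ponderlust Systems Inc/OU=I Rand Biz/CN=ponderlustsystemsinc.com" \
    -addext "subjectAltName=DNS:spprtfrms" 2>/dev/null
}

# Print the public key size in bits, e.g. 2048.
cert_key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if the exact DNS name is listed as a Subject Alternative Name.
cert_has_dns_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# Succeed if subject and issuer are the same name (self-signed).
cert_is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeed if the certificate is still valid N days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Report on the properties chosen on the Generate CSR/Certificate page.
audit_cert() {
  bits=$(cert_key_bits "$1")
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-unknown}-bit key"; return 1; }
  cert_valid_for_days "$1" 30 || { echo "FAIL: expires within 30 days"; return 1; }
  cert_is_self_signed "$1" && echo "NOTE: self-signed, clients must trust it explicitly"
  echo "OK: $bits-bit key, valid for at least 30 more days"
}

make_sample_cert && audit_cert "$sample"
```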

Import a Certificate

Step 1. In the Certificate area, click on Import Certificate.

Step 2. Choose the type of certificate to import from the drop-down list. The options are:

  • Local Certificate — A certificate generated on the router.
  • CA Certificate — A certificate that is certified by a trusted third-party authority that has confirmed that the information contained in the certificate is accurate.
  • PKCS #12 Encoded file — Public Key Cryptography Standards (PKCS) #12 is a format for storing a server certificate.

Note: For this example, PKCS #12 encoded file was chosen.

Step 3. Enter a name for the certificate in the Certificate Name field.

Note: For this example, pkcs_cert is used as the certificate name.

Step 4. (Optional) If PKCS #12 was chosen in Step 2, enter a password for the file in the Import Password field. Otherwise, skip to Step 5.

Step 5. Click a source to import the certificate. The options are:

  • Import from PC
  • Import from USB

Note: For this example, Import from PC is chosen. If the router does not detect a USB drive, the Import from USB option will be grayed out.

Step 6. (Optional) If you chose Import From USB and your USB is not being recognized by the router, click Refresh.

Step 7. Click on the Choose File button and choose the appropriate file.

Note: For this example, Default.p12 is chosen.

Step 8. Click Upload.

Note: Once successful, you will automatically be taken to the main Certificate page. The Certificate Table will populate with the recently imported certificate.

You should now have successfully imported a certificate on your RV34x Series Router.
