Cisco Support Community

Enrolling Cisco Router as Sub CA to Win2k8 offline CA

Hi all,

I'm after some help and guidance on the process of enrolling a Cisco Router as a Subordinate CA to an existing Windows 2008 Standalone Root CA. Due to the security policies in place on the customer account, the Root cannot be attached to the network, therefore all requests have to submitted and issued manually.

Can anyone point me in the right direction? Should I be trying to create a Certificate Request File (CSR) on the router itself or should I just go for something like OpenSSL to generate the request? I have currently tried both of these ways. If I generate a CSR on the router, the Windows CA doesn't seem to want to issue a certificate as a "SubCA" certificate. Using a combination of a different windows server and OpenSSL I have managed to get a Sub CA certificate issued, but cannot get the certificate or private key file imported onto the router.

Any information on this process would be much appreciated,



Everyone's tags (5)

Enrolling Cisco Router as Sub CA to Win2k8 offline CA

Just for completeness - we have bee advised by Cisco that "Enrollment terminal" is not supported when creating Subordinate CA's...

CreatePlease to create content