Cisco Support Community
Community Member

Manually generate a CSR on PIX Running V6 Software

Hello All.

I need to create a site to site VPN tunnel using Verisign SSL certificates instead of a pre-shared key.

The V6 Software on the pix only has configuration instructions to configure it to use SCEP (Simple Certification Enrollment Process). However Verisign have stated that they no longer support SCEP and that you must manually generate a CSR on the device and copy and paste the result onto their web page when purchasing the certificate.

The question is

Can you Manually generate a CSR on a PIX firewall Running V6 Software?

It seems possible to do this using V7 Software, however I am using a PIX506E which cannot be upgraded to V7.

If anyone can let me know the answer to my question that would be most appreciated.

Thanks in advance



Re: Manually generate a CSR on PIX Running V6 Software

A certificate signing request (CSR) is required in order for the third party CA to issue an identity certificate. The CSR contains your ASA's distinguished name (DN) string along with the ASA's generated public key. The ASA uses the generated private key to digitally sign the CSR.

Refer the following url for more info on generating RSA:

CreatePlease to create content