CSR Generation: Cisco VPN 3000 Series Concentrator
Posted by Technical Support PT, Last modified by on November 16 2007 20:01
Creating A CSR for the VPN 3000 Series Concentrator|
Step 1. In the Administration | Certificate Management screen. Click Click here to Enroll with a Certificate Authority. The Administration | Certificate Management | Enroll screen displays.
Figure 1 Administration | Certificate Management | Enroll Screen
Step 2. Click Identity certificate. The Administration | Certificate Management | Enroll | SSL certificate screen displays.
Step 3. Click Enroll via PKCS10 Request (Manual). The Administration | Certificate Management | Enroll | SSL certificate | PKCS10 Screen displays.
Step 4. Enter values in each of the fields on this screen.
Step 5. When you have finished, click Enroll. The Administration | Certificate Management | Enroll | Request Generated screen displays
The Manager displays this screen when the system has successfully generated a certificate request.
Note You must complete the Enrollment and certificate installation process within one week of generating the request. If you do not, the pending request is deleted .As the screen text indicates, within a few seconds, a browser window opens with the certificate request.
Figure 5 Example of a Certificate Request
You have generated a base 64 encoded PKCS#10 file (Public Key Certificate Syntax-10), which most CAs recognize or require. The system automatically saves this file in Flash memory with the filename shown in the browser (pkcsNNNN.txt).
In generating the request, the system also generates the private key used in the PKI process. That key remains on the VPN Concentrator in encrypted form.
Step 6. Save the request in to disk to be pasted into the CSR Request field for when you order the certificate online.
Step 7. Close this browser window when you have finished.
Requesting an SSL certificate from a CA for VPN 3000 Series Concentrator
Next you submit the SSL request. This must be the same CA that issued the CA certificate for this LAN-to-LAN connection. Submit the request and retrieve an SSL certificate according to the procedures of your CA.