Search Support
contact us

Let Us Make it Easy for You. Call 1-877-898-3290 for MyTime Support™. Learn More

Generating a Certificate Signing Request or CSR Topics

Article Rating: 2 / 5 Votes: 17

CSR for Cisco® VPN 3000 Series Concentrator

Creating an Enrollment Request for an SSL Certificate for Cisco® VPN 3000 Series Concentrators

An Enrollment request for an SSL certificate consists of a base 64 encoded PKCS#10 file that the VPN Concentrator generates based on information you provide in the steps that follow.

 

Note: You must get the SSL certificate for a LAN-to-LAN connection from the same CA that issued its CA certificate.

 

Step 1. In the Administration | Certificate Management screen. Click Click here to Enroll with a Certificate Authority. The Administration | Certificate Management | Enroll screen displays.

 

Figure 1 Administration | Certificate Management | Enroll Screen 

 

Step 2. Click Identity certificate. The Administration | Certificate Management | Enroll | SSL certificate screen displays.

 

Figure 2 Administration | Certificate Management | Enroll | SSL certificate Screen 

 

Step 3. Click Enroll via PKCS10 Request (Manual). The Administration | Certificate Management | Enroll | SSL certificate | PKCS10 Screen displays.

 

Figure 3 Administration | Certificate Management | Enroll | SSL certificate | PKCS10 Screen 

 

Step 4. Enter values in each of the fields on this screen. (above)

 

Step 5. When you have finished, click Enroll. The Administration | Certificate Management | Enroll | Request Generated screen displays

 

Figure 4 Administration | Certificate Management | Enroll | Request Generated Screen 

 

The Manager displays this screen when the system has successfully generated a certificate request.

 

Note You must complete the Enrollment and certificate installation process within one week of generating the request. If you do not, the pending request is deleted .As the screen text indicates, within a few seconds, a browser window opens with the certificate request.

 

Figure 5 Example of a Certificate Request

 

You have generated a base 64 encoded PKCS#10 file (Public Key Certificate Syntax-10), which most CAs recognize or require. The system automatically saves this file in Flash memory with the filename shown in the browser (pkcsNNNN.txt).

 

In generating the request, the system also generates the private key used in the PKI process. That key remains on the VPN Concentrator in encrypted form.

 

Step 6. Save the request in to disk to be pasted into the CSR Request field for when you order the certificate online.

 

Step 7. Close this browser window when you have finished.

 

Requesting an SSL certificate from a CA for VPN 3000 Series Concentrator

Next you submit the SSL request. This must be the same CA that issued the CA certificate for this LAN-to-LAN connection. Submit the request and retrieve an SSL certificate according to the procedures of your CA.