Obtaining Server Certificate

Best practice is toreplace the default server certificate in themanaged devicewith a custom certificate issued for your site or domain by a trustedCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.。To obtain a security certificate for themanaged devicefrom aCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.:

1.Generate aCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.on themanaged device。

2.Submit theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.to aCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.。Copy and paste the output of theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.into an email and send it to theCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.of your choice.

3.TheCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.returns a signed server certificate and the certificate andpublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.of theCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.。

4.Install the server certificate, as described inManaging Certificates。

There can be only one outstandingCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.at a time in the device. Once you generate aCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate., you need to import theCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-signed certificate into the device before you can generate anotherCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.。 If certificates should be obtained for multiplemanaged devicesusing theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.method in aMobility Master-Managed devicestopology, then generate and import theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.for eachmanaged deviceseparately. IfCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.is generated for multiplemanaged devicesat a time, the previously generatedCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.will be overridden and the certificate import will fail.

The following procedure describes how to generate aCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.on themanaged device。

1.In theManaged Networknode hierarchy, navigate to theConfiguration > System > Certificatestab and expand theCSRaccordion.

2.Enter the following information:

Table 1:CSR Parameters

Parameter	Description	Range
CSR Type	Type of theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.。 You can generate a certificate signing request either with an elliptic curve key, or with aRSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.key。	EC orRSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.
Curve name	Length of the private orpublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.forECDSAElliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information.。This is applicable only ifCSR Typeisec。	secp256r1 or secp384r1
Key Length	Length of the private orpublic keyThe part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient.forRSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.。 This is applicable only ifCSR Typeisrsa。 NOTE:RSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.-1024 is not permitted if themanaged deviceis operating in theFIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.mode.	1024, 2048, or 4096
Common Name	Typically, this is the host and domain name, as in www.example.com.	—
Country	Two-letter ISO country code for the country in which your organization is located.
State/Province	State, province, region, or territory in which your organization is located.
City	City in which your organization is located.
Organization	Name of your organization.
Unit	Optional field to distinguish a department or other unit within your organization.
Email Address	Email address referenced in theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.。

3.ClickGenerate New。

4.ClickView Current显示generatedCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.。选择并复制CSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.output between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines, paste it into an email and send it to theCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.of your choice.

The followingCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands generate aCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.。

1.Run the following command:

crypto pki csr {rsa key_len |{ec curve-name } common_name country state_or_province city organization unit email

RSARivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.-1024 is not permitted if themanaged deviceis operating in theFIPSFederal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.mode.

2.Display theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.output with the following command:

show crypto pki csr

3.Copy theCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.output between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines, paste it into an email and send it to theCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.of your choice.