topic Cisco ACS 5.3 Certificate Request in Network Access Control

Cisco ACS 5.3 Certificate Request

Mike Lehmann — Mon, 11 Mar 2019 02:34:56 GMT

I try to generate a certificate request in Cisco ACS 5.3 Web GUI via

System Administration > Configuration > Local Server Certificates > Local Certificates > Add > Generate Certificate Signing Request .

The DN we have to use is specified by our CA-Administrator to something like

"O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .

(spaces, brackets, ... but this is the requirement)

So my input in the field Certificate Subject is "CN= myserver.mcit.com,O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .

(Key Length=2048, Digest=SHA1)

But then I get an error: Certificate Validation Error: "Invalid certificate subject DN name"

When I omit ST attribute it creates a request, but due to CA requirements I cannot.

The length of DN is 101.

Event without round brackets "(..)" the error occurs.

Some ideas?

Re:Cisco ACS 5.3 Certificate Request

Tarik Admani — Mon, 24 Sep 2012 13:10:01 GMT

Your best bet is to use openssl to generate a CSR. Once you receive the signed cert import the cert and the intermediate and root certs along with the private key.

Let me know if you need help with that.

Sent from Cisco Technical Support Android App

Cisco ACS 5.3 Certificate Request

Mike Lehmann — Mon, 24 Sep 2012 13:18:29 GMT

Ok, I could generate a certificate request with openssl on an separate linux box.

Then I think to import the signed certificate file I have to go to

System Administration > ... > Configuration > Local Server Certificates > Local Certificates > Create > Bind CA Signed Certificate... , right ?

But where I can import the private key ?

As far as I understand by using the GUI the private key is created and later bound automatically to the signed cert but it is not directly accessible.

Re:Cisco ACS 5.3 Certificate Request

Tarik Admani — Mon, 24 Sep 2012 13:40:04 GMT

You will have to import the certificate. It will ask for the private key and private key password along with the cert.

Sent from Cisco Technical Support Android App

Re:Cisco ACS 5.3 Certificate Request

hkhrais — Mon, 24 Sep 2012 20:56:38 GMT

Hi ,

It's not bind CA certificate . It's the first option which is import seever certificate option

HTH

Sent from Cisco Technical Support Android App

Cisco ACS 5.3 Certificate Request

Mike Lehmann — Wed, 26 Sep 2012 07:15:12 GMT

Unfortunately it's not working.

I created a certificate (request and private key) on a linux box with openssl and sent the cert to our CA for signing.

Now I tried to import the signed cert with

System Administration > ... > Configuration > Local Server Certificates > Local Certificates > Create > Import Server Certificate, with my cert.pem and privkey.pem files and the password from request generation.

I get an error "Certification Validation Error: Invalid private key"

Request generation with the GUI wasn't possible - I suspect the ST attribute (without it is possible).

As already mentioned our CA requires a DN like "O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE"

ST is mandatory.

Does anybody an idea to solve this crux?

best regards

Cisco ACS 5.3 Certificate Request

Ossama El Abbadi — Thu, 17 Jan 2013 08:53:39 GMT

Hi Mike,

I have the same problem, have you solved it ?

Cisco ACS 5.3 Certificate Request

Mike Lehmann — Thu, 17 Jan 2013 12:58:16 GMT

Using "S=" instead of "ST=" worked for me.

b.r.