Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
1
Replies

css11506 with multi-host certificate

julxu
Level 1
Level 1

‎07-08-2015 05:45 PM

hi

 

Could anyone help me for a stringy question?

 

I need a VIP with a certificate which is including two domain name, such as julxu.domain1 and julxu.domain, could I get this done?

 

However, I had tried on command "ssl gencsr julxuRSAkey" it do give me a code, please advice, if it can be used:

 

css11506:(config)# ssl gencsr julxuRSAkey

You are about to be asked to enter information

that will be incorporated into your certificate

request. What you are about to enter is what is

called a Distinguished Name or a DN.

For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [US]xx

State or Province (full name) [SomeState]xx

Locality Name (city) [SomeCity]xx

Organization Name (company name) [A Company Name]xx

Organizational Unit Name (section) [Web Administration]xx

Common Name (your domain name) [www.acompanyname.com]julxu.domain1,julxu.domain2

Email address [webadmin@acompanyname.com ]xx

-----BEGIN CERTIFICATE REQUEST-----

MIIDEDCCAfgCAQAwgcoxCzAJBgNVBAYTAkFVMRwwGgYDVQQIFBNOZXcgU291dGgg

V2xhf39hbHNlMQ8wDQYDVQQHEwZTeWRuZXkxJTAjBgNVBAoTHFVuaXZlcnNpdHkg

......

Liyq9J/+99iRPhq2agwrBwctRdBD0LEc8oJPWpnG3x/RL7+H1g3VxWiTUOUtVriB

rDtTzt8bvL7PtNwME40BnG9E3Lg=

-----END CERTIFICATE REQUEST-----

 

if it is not be used, than for css11506 if it can be imported a multihost unix certificate? Please advice also.

 

any comments will be apprecated

 

thanks in advance

 

Julxu

 

 

Labels:
0 Helpful
1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎08-07-2015 07:37 PM

Hi,

Looks like you need SAN certificates.The CSS does support SAN certificates, however, there is no way to generate a Certificate Signing Request with a SAN from them.

If the cert is imported, the CSS will not care whether, in the certificate,you have a Subject Alternate Name or not. As long as the cert imported to the device is a valid X509 cert, it will be sent to the client. It is theclient’s duty to determine whether it will be accepted or not.

 I would suggest you to generate a regular CSR, and consult the possibilityof a SAN with that CSR with your CA.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents