cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1569
Views
5
Helpful
4
Replies

generate CSR on ACE

kalugotla1
Level 1
Level 1

I am trying to generate a CSR on ACE.Actually import it from Linux box.

I have a linux server created an openssl key  and then tried ti import it to the ace.

This is the error i am getting on my ace

admin#crypto import non-exportable ftp 10.192.49.8 root key.pem test123
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
#
Successfully imported file from remote server.
Error: Specified local file already exists.
s0labsw-ace1/Admin# crypto generate csr key.pem test123
Error: Specified CSR config does not exist.

This what i configured for csr param

ace1/Admin# sh crypto csr-params all
test123:
        country-name:   US
        state:         CA
        locality:       undefined
        org-name:       undefined
        org-unit:       undefined
        common-name:    xxx
        serial-number:  1
        email:          james.steve@xxx.com

can anyone let me point in the right direction

2 Accepted Solutions

Accepted Solutions

yushimaz
Cisco Employee
Cisco Employee

> s0labsw-ace1/Admin# crypto generate csr key.pem test123

I guess your CSR paramters name is test123 and key filename is key.pem.

If so, above configuration order is wrong.

ACE20-slot6-yushimaz/c1# sh crypto files

Filename                                 File  File    Expor      Key/

                                         Size  Type    table      Cert

-----------------------------------------------------------------------

key.pem                                  887   PEM     Yes         KEY

ACE20-slot6-yushimaz/c1# sh crypto csr-params all

test123:

        country-name:   JP

        state:          Tokyo

        locality:       undefined

        org-name:       undefined

        org-unit:       undefined

        common-name:    yushimaz

        serial-number:  1

        email:          yushimaz@local

ACE20-slot6-yushimaz/c1#

ACE20-slot6-yushimaz/c1#

ACE20-slot6-yushimaz/c1# crypto generate csr ?

    Please enter the name of the CSR parameters set (Max Size - 64)

ACE20-slot6-yushimaz/c1# crypto generate csr key.pem ?

    Please enter the key filename (Max Size - 39)

ACE20-slot6-yushimaz/c1# crypto generate csr key.pem test123  <<==

Error: Specified CSR config does not exist.

ACE20-slot6-yushimaz/c1# crypto generate csr test123 key.pem  <<==

-----BEGIN CERTIFICATE REQUEST-----

MIIBjjCB+AIBADBPMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNV

BAMTCHl1c2hpbWF6MR0wGwYJKoZIhvcNAQkBFg55dXNoaW1hekBsb2NhbDCBnzAN

BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8CcnWVe1amgXKE7ITPIDOSTys60ECf23

1wpE/r7Yj+ihW5Y54jrvxr31QTCDXCwJVi4PjjYg8+2dtJvq+9g0fW2uzAbj6aNO

iNP93KsEhooo1bvH6iUA/HQfJ6CxwLTMIWgOWxUuMeIdCXZwCguWmERIhq63RbTM

F0DRP8IwEnECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAOQ+zm6NVGTbxHY5GsW4

hPEJdChW8XLWv0bnEQo1bcreR8ACNQ3g7mETWj/hRv6gZTIbQKsQElQ+RAInUPvl

xM47+HgMNQkzPH9621wc1niR0S/mJUVQ/aIl6ZQwROvlAmIi6Gs+nyYUtfccjgpL

ScYjdqEO4aXDXikzZDG0Y0gW

-----END CERTIFICATE REQUEST-----

ACE20-slot6-yushimaz/c1#

Regards,

Yuji

View solution in original post

I searched your error message and found the following page.

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1256

I guess your key is not 2048bit. So, please check your key.

Just to tell you, ACE can generate 2048 bit key as below.

ACE20-slot6-yushimaz/c1# crypto generate key ?

  1024            Use bitsize of 1024

  1536            Use bitsize of 1536

  2048            Use bitsize of 2048

  512             Use bitsize of 512

  768             Use bitsize of 768

  non-exportable  Mark the generated key as non-exportable

ACE20-slot6-yushimaz/c1# crypto generate key

Regards,

Yuji

View solution in original post

4 Replies 4

yushimaz
Cisco Employee
Cisco Employee

> s0labsw-ace1/Admin# crypto generate csr key.pem test123

I guess your CSR paramters name is test123 and key filename is key.pem.

If so, above configuration order is wrong.

ACE20-slot6-yushimaz/c1# sh crypto files

Filename                                 File  File    Expor      Key/

                                         Size  Type    table      Cert

-----------------------------------------------------------------------

key.pem                                  887   PEM     Yes         KEY

ACE20-slot6-yushimaz/c1# sh crypto csr-params all

test123:

        country-name:   JP

        state:          Tokyo

        locality:       undefined

        org-name:       undefined

        org-unit:       undefined

        common-name:    yushimaz

        serial-number:  1

        email:          yushimaz@local

ACE20-slot6-yushimaz/c1#

ACE20-slot6-yushimaz/c1#

ACE20-slot6-yushimaz/c1# crypto generate csr ?

    Please enter the name of the CSR parameters set (Max Size - 64)

ACE20-slot6-yushimaz/c1# crypto generate csr key.pem ?

    Please enter the key filename (Max Size - 39)

ACE20-slot6-yushimaz/c1# crypto generate csr key.pem test123  <<==

Error: Specified CSR config does not exist.

ACE20-slot6-yushimaz/c1# crypto generate csr test123 key.pem  <<==

-----BEGIN CERTIFICATE REQUEST-----

MIIBjjCB+AIBADBPMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xETAPBgNV

BAMTCHl1c2hpbWF6MR0wGwYJKoZIhvcNAQkBFg55dXNoaW1hekBsb2NhbDCBnzAN

BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8CcnWVe1amgXKE7ITPIDOSTys60ECf23

1wpE/r7Yj+ihW5Y54jrvxr31QTCDXCwJVi4PjjYg8+2dtJvq+9g0fW2uzAbj6aNO

iNP93KsEhooo1bvH6iUA/HQfJ6CxwLTMIWgOWxUuMeIdCXZwCguWmERIhq63RbTM

F0DRP8IwEnECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBAOQ+zm6NVGTbxHY5GsW4

hPEJdChW8XLWv0bnEQo1bcreR8ACNQ3g7mETWj/hRv6gZTIbQKsQElQ+RAInUPvl

xM47+HgMNQkzPH9621wc1niR0S/mJUVQ/aIl6ZQwROvlAmIi6Gs+nyYUtfccjgpL

ScYjdqEO4aXDXikzZDG0Y0gW

-----END CERTIFICATE REQUEST-----

ACE20-slot6-yushimaz/c1#

Regards,

Yuji

Thanks yushimaz

ace1/Admin# crypto generate csr test123 key.pem

-----BEGIN CERTIFICATE REQUEST-----
MIIBkzCB/QIBADBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCU0MxFTATBgNVBAMT
DGFob2xkdXNhLmNvbTEhMB8GCSqGSIb3DQEJARYSaGFyaS5nYWR1bGFAaHAuY29t
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXm69DPS5ueh6bWo1G3fRbbHfe
P7A0m4aRkPhpkWq/KJbeLB3RXatZBTqkBiAG3ay7XDGiPoV4/73WgzIXnEdlOcFo
CcXkshLcWk2DgFDYv7a1yP3o3TRtZ5oD/XJVLsbDOQZIcTYyqPuBrmZZeYqdFtNa
SLPZKUKfpMU3DbStyQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAXc463f3sVzCC
UW4N25Rbxf5mJwOhYBR5yjoPORGxB5AUWS2clmvsU5OaEMph3tSBcdkS+LddhTHe
4XQugogVUF5bRmR40RgciF/t4GwY0/e1eMnJ4sc7fKbcCb4vhMpRwKXp69DBOX7B
XpkSSNbILYcXwi+GslTc++ot4KowJY0=
-----END CERTIFICATE REQUEST-----

When I am trying  to generate a certificate with this csr in a free website  I am getting this error message

This CSR uses an unsupported key size!

Can I generate an CSR on my ACE and get a certificate ,to do the SSL encryption of Decryption .

Or Do i need to generate a Key on my Linux or Windows server and then import it to the ACE to get a SSL certificate.

I searched your error message and found the following page.

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1256

I guess your key is not 2048bit. So, please check your key.

Just to tell you, ACE can generate 2048 bit key as below.

ACE20-slot6-yushimaz/c1# crypto generate key ?

  1024            Use bitsize of 1024

  1536            Use bitsize of 1536

  2048            Use bitsize of 2048

  512             Use bitsize of 512

  768             Use bitsize of 768

  non-exportable  Mark the generated key as non-exportable

ACE20-slot6-yushimaz/c1# crypto generate key

Regards,

Yuji

Thanks it worked .

Review Cisco Networking for a $25 gift card