Re: multible ssl certificate csr request on ACE

kashman37 · ‎12-02-2010

Dear All,

I want to make a CSR on ace for multible SSL Certificate. I have looked everywhere and there is no documentation of how to do this.

what i want to do is create one CSR Request to Verisign for SSL for sites www.xxxxxx.com, www.yyyyyyy.com and www.hhhhhhh.com. is there a way to do this on ACE. Is it possible to make the csr from the server and then export the certificate and then import it to ACE, or should the request be made from ACE for this CSR. What is the solution to this.

Daniel Arrondo Ostiz · ‎12-02-2010

Hi,

You can create the CSR on the server and then import the certificate and key on the ACE or create the CSR on the ACE directly, both options are possible.

For details on how to generate a CSR on the ACE, please refer to the link below:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/certkeys.html#wp1021811

If you decide to generate the key and CSR on the server, then the instructions on how to import them on the ACE can be found at http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/certkeys.html#wp1012347

Please, let me know if you have any questions

Daniel

kashman37 · ‎12-02-2010

Dear Daniel,

Thanks for your fast response. Please note that i need to create a CSR for multible domains. my question is how can i add multible common names in one CSR request? ACE wont let me do that , when i enter a second common name the first is replaced. please see example bellow.

crypto csr-params test

country US
state NY
locality QUEENS

organization-name testorg

organization-unit testunit

below i enter the first common name

common-name test.com

when i enter the second site common name it replaces the first one

common-name test1111.com

so i end up only with one common name request

what i need to do is request through one CSR multible common names like bellow is this possible on ACE?

crypto csr-params test

country US
state NY
locality QUEENS

organization-name testorg

organization-unit testunit

common-name test.com

common-name test1111.com

common-name test2222.com

common-name test3333.com

Daniel Arrondo Ostiz · ‎12-02-2010

I'm afraid the ACE only supports CSR with one single common name, so, you will have to generate a separate CSR for each of the domains you want to get in the common name.

kashman37 · ‎12-02-2010

Dear Daniel,

Thank you for your support it has been very helpfull.

last question is, does ACE support multible site SSL Certificates. If i do the request from SERVER and then install that certificate on ACE will the ACE recognise this type of SSL?

Thanks in advance

Daniel Arrondo Ostiz · ‎12-02-2010

In this case, the ACE doesn't need to parse the certificate. It will accept it when you import it, and then it will be sent to the clients untouched.

It's up to the client's browser to understand it properly

kashman37 · ‎12-02-2010

Dear Daniel,

Thanks for your excellent reply, everything is clear now.