cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

4117
Views
5
Helpful
3
Replies
holgerseiler
Beginner

ACS 5.1 - Generate Certificate Signing Request

Hi all,

a customer of me wants to generate a Certificate Signing Request at Cisco Secure ACS version 5.1.

Certificate Subject is
CN=de00salsec115r1,OU=SEC,OU=Servers,OU=INF Administration,OU=\+DE,DC=emea,DC=dir

The Certificate would be generated but the backslash is missing like this:

CN=de00salsec115r1,OU=SEC,OU=Servers,OU=INF-Administration,OU=+DE,DC=emea,DC=dir

I found at the configuration guide that only alphanumeric characters were allowed:

Certificate subject entered during generation of this request.

The Certificate Subject field may contain alphanumeric characters.

The maximum number of characters is 1024.

This field should automatically prefixed with “cn=”.

Please, could anyone confirm that backslash is not allowed for the certificate subject.

Thanks and kind regards

Holger

1 ACCEPTED SOLUTION

Accepted Solutions
Federico Ziliotto
Cisco Employee

Hi Holger,

That's correct, the subject name should contain only alphanumeric characters:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_config.html#wp1058001

As a further note, since I see you are running ACS 5.1, please be sure of having patch 5 or later installed, in order to avoid the known bug CSCti68031:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti68031

Since you mentioned that the certificate (so the CSR too) gets generated, I'd guess you are already on this patch (or later).

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

View solution in original post

3 REPLIES 3
Federico Ziliotto
Cisco Employee

Hi Holger,

That's correct, the subject name should contain only alphanumeric characters:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_config.html#wp1058001

As a further note, since I see you are running ACS 5.1, please be sure of having patch 5 or later installed, in order to avoid the known bug CSCti68031:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti68031

Since you mentioned that the certificate (so the CSR too) gets generated, I'd guess you are already on this patch (or later).

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Thanks for your support.

Kind regards

Holger

Glad this helped Holger.

Please feel free to ping us back in case further help would be needed with your ACS in the future.

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube