Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

4117
Views
5
Helpful
3
Replies
holgerseiler
Beginner
Beginner
‎01-11-2011 08:03 AM
‎01-11-2011 08:03 AM

ACS 5.1 - Generate Certificate Signing Request

Hi all,

a customer of me wants to generate a Certificate Signing Request at Cisco Secure ACS version 5.1.

Certificate Subject is
CN=de00salsec115r1,OU=SEC,OU=Servers,OU=INF Administration,OU=\+DE,DC=emea,DC=dir

The Certificate would be generated but the backslash is missing like this:

CN=de00salsec115r1,OU=SEC,OU=Servers,OU=INF-Administration,OU=+DE,DC=emea,DC=dir

I found at the configuration guide that only alphanumeric characters were allowed:

Certificate subject entered during generation of this request.

The Certificate Subject field may contain alphanumeric characters.

The maximum number of characters is 1024.

This field should automatically prefixed with “cn=”.

Please, could anyone confirm that backslash is not allowed for the certificate subject.

Thanks and kind regards

Holger

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Federico Ziliotto
Cisco Employee
Cisco Employee
‎01-12-2011 12:26 AM
‎01-12-2011 12:26 AM

Hi Holger,

That's correct, the subject name should contain only alphanumeric characters:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_config.html#wp1058001

As a further note, since I see you are running ACS 5.1, please be sure of having patch 5 or later installed, in order to avoid the known bug CSCti68031:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti68031

Since you mentioned that the certificate (so the CSR too) gets generated, I'd guess you are already on this patch (or later).

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

View solution in original post

0 Helpful
3 REPLIES 3
Federico Ziliotto
Cisco Employee
Cisco Employee
‎01-12-2011 12:26 AM
‎01-12-2011 12:26 AM

Hi Holger,

That's correct, the subject name should contain only alphanumeric characters:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/admin_config.html#wp1058001

As a further note, since I see you are running ACS 5.1, please be sure of having patch 5 or later installed, in order to avoid the known bug CSCti68031:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti68031

Since you mentioned that the certificate (so the CSR too) gets generated, I'd guess you are already on this patch (or later).

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
holgerseiler
Beginner
Beginner
In response to Federico Ziliotto
‎01-12-2011 01:51 AM
‎01-12-2011 01:51 AM

Thanks for your support.

Kind regards

Holger

Federico Ziliotto
Cisco Employee
Cisco Employee
In response to holgerseiler
‎01-12-2011 01:58 AM
‎01-12-2011 01:58 AM

Glad this helped Holger.

Please feel free to ping us back in case further help would be needed with your ACS in the future.

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
Latest Contents
Earn $100! Interview with Cisco on Network Risk, Compliance ...
Created by S Nath on 06-27-2022 01:56 PM
0
0
0
0
Are you responsible for risk management, compliance management and auditing of a network?    If so, we’d like to speak with you to learn your current processes of enforcing compliance and managing risk to help us develop services that will ... view more
Converting Cisco Secure Endpoint Connectors from Audit to Pr...
Created by Sohaib Ahmed on 06-23-2022 05:19 PM
0
0
0
0
Once you've expanded Cisco Secure Endpoint connector deployment to about 50% of your licensed count (check out this article that shows you how to do that), it's time to put those connectors to action i.e. convert them to Protect from Audit mode for vari... view more
🧦💚 Tell us about your ZTNA journey in exchange for a pair ...
Created by betswang on 06-23-2022 03:05 PM
0
15
0
15
  Hello! I’m Betsy, UX Researcher, on the Cisco+ Secure Connect Now team. Nice to meet you all .We have a short survey to learn about your Zero Trust Network Access (ZTNA) journey. Whether you have, plan to, or have not implemented a ... view more
Cisco ASA Access-list ACL using network object
Created by Meddane on 06-23-2022 06:59 AM
0
0
0
0
  A set of interface access rules can cause the Cisco Adaptive Security Appliance to permit or deny a designated host to access another particular host with a specific network application (service). When there is only one client, one host and one se... view more
How To: Cisco ISE Captive Portals with Aruba Wireless
Created by ahollifield on 06-22-2022 06:23 PM
4
10
4
10
How To: Cisco ISE Captive Portals with Aruba Wireless Authors: Adam Hollifield, Brad Johnson IntroductionPrerequisitesMinimum RequirementsComponents UsedConfigurationAruba Wireless ControllerWLAN CreationAuthentication ConfigurationRole & Policy Confi... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube