09-24-2012 02:19 AM - edited 03-10-2019 07:34 PM
I try to generate a certificate request in Cisco ACS 5.3 Web GUI via
System Administration > Configuration > Local Server Certificates > Local Certificates > Add > Generate Certificate Signing Request .
The DN we have to use is specified by our CA-Administrator to something like
"O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .
(spaces, brackets, ... but this is the requirement)
So my input in the field Certificate Subject is "CN= myserver.mcit.com,O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .
(Key Length=2048, Digest=SHA1)
But then I get an error: Certificate Validation Error: "Invalid certificate subject DN name"
When I omit ST attribute it creates a request, but due to CA requirements I cannot.
The length of DN is 101.
Even without round brackets "(..)" the error occurs.
Some ideas?
09-24-2012 06:10 AM
Your best bet is to use openssl to generate a CSR. Once you receive the signed cert import the cert and the intermediate and root certs along with the private key.
Let me know if you need help with that.
09-24-2012 06:18 AM
Ok, I could generate a certificate request with openssl on a separate Linux box.
Then I think to import the signed certificate file I have to go to
System Administration > ... > Configuration > Local Server Certificates > Local Certificates > Create > Bind CA Signed Certificate... , right ?
But where can I import the private key?
As far as I understand by using the GUI the private key is created and later bound automatically to the signed cert but it is not directly accessible.
09-24-2012 06:40 AM
You will have to import the certificate. It will ask for the private key and private key password along with the cert.
09-24-2012 01:56 PM
Hi,
It's not bind CA certificate. It's the first option, which is the import server certificate option.
HTH
09-26-2012 12:15 AM
Unfortunately it's not working.
I created a certificate (request and private key) on a Linux box with openssl and sent the cert to our CA for signing.
Now I tried to import the signed cert with
System Administration > ... > Configuration > Local Server Certificates > Local Certificates > Create > Import Server Certificate, with my cert.pem and privkey.pem files and the password from request generation.
I get an error "Certification Validation Error: Invalid private key"
Request generation with the GUI wasn't possible - I suspect the ST attribute (without it is possible).
As already mentioned our CA requires a DN like "O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE"
ST is mandatory.
Does anybody have an idea to solve this crux?
best regards
ML
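Added example (not part of any post in this thread): a shell sketch, assuming a local OpenSSL install, that builds the key and CSR with the DN from the thread and checks that a private key decrypts with its passphrase and matches a CSR or signed certificate before upload. The function and file names are hypothetical, and the check says nothing about what ACS itself validates on import.

```shell
#!/bin/sh
# DN from the thread in openssl's -subj syntax: slash-separated, most general
# attribute first. Spaces and brackets need no escaping inside the quotes.
SUBJ='/C=DE/ST=Berlin/L=Berlin/O=my-company-for IT Service (mcIT)/CN=myserver.mcit.com'

# make_csr KEY CSR PASSFILE: passphrase-protected 2048-bit RSA key plus a CSR.
# PASSFILE holds the passphrase on its first line (keeps it out of the process list).
make_csr() {
    openssl genrsa -aes256 -passout "file:$3" -out "$1" 2048 2>/dev/null &&
    openssl req -new -key "$1" -passin "file:$3" -subj "$SUBJ" -sha256 -out "$2"
}

# csr_subject CSR: print the subject as the CA will see it (RFC 2253 order, CN first).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# key_pub KEY PASSFILE: PEM public key derived from the private key.
# Fails if the passphrase is wrong or the key file cannot be parsed.
key_pub() {
    openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null
}

# key_matches KEY PASSFILE CERT_OR_CSR
#   returns 0 = same public key, 1 = different key, 2 = key unreadable
key_matches() {
    k=$(key_pub "$1" "$2") || return 2
    if grep -q 'CERTIFICATE REQUEST' "$3"; then
        c=$(openssl req -in "$3" -noout -pubkey 2>/dev/null)
    else
        c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null)
    fi
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Stand-alone use: sh thisfile privkey.pem passfile cert.pem
if [ "$#" -eq 3 ]; then
    key_matches "$1" "$2" "$3"
    case $? in
        0) echo "key and certificate match" ;;
        1) echo "key does NOT belong to this certificate" ;;
        *) echo "private key unreadable (passphrase or format)" ;;
    esac
fi
```

A result of 2 points at the passphrase or key encoding, a result of 1 at a certificate issued for a different key pair.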
01-17-2013 12:53 AM
Hi Mike,
I have the same problem, have you solved it ?
01-17-2013 04:58 AM
Using "S=" instead of "ST=" worked for me.
b.r.