09-17-2010 01:57 AM - edited 03-10-2019 05:25 PM
Hello
I am doing a dot1x solution with web auth on cisco 3750 switches.
Once the wired client gets put into web auth state (after dot1x and mab) and goes to a website, he gets a certificate warning. This is because the certificate of the Cisco switch is self-signed.
I want to use a Verisign certificate to solve this error, but I cannot find a way to generate a CSR on a switch. I only found a guide on how to request a certificate from a CA on the local network, but this is also not a solution, because the clients using the web auth will not know the internal CA.
Is there any way to solve this?
Greetings
Steven
09-20-2010 07:27 AM
Hi Steven,
The below document is actually for IOS SSLVPN, but the certificate portion should be the same:
Search for "Appendix B" and it goes into creating a trustpoint and then one section is for self-signed and another is for generating a certificate request to send to an external CA.
Once a trustpoint is created the command to actually generate the CSR is "crypto pki enroll
This document goes into a little more detail on all the individual commands and what they do:
Also you could use something external to the switch like OpenSSL to generate the CSR/private key and then use that to request a cert from your Verisign CA and then import the cert/keypair into the IOS device.
Thanks,
Nate
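The off-box OpenSSL route mentioned in the reply above, as an added example that is not part of the original thread: it generates the key pair and CSR, checks that the returned certificate matches the private key, and bundles both as PKCS#12 for import. The host name, subject fields and passphrase are placeholders, and a throwaway test CA is constructed in place of the public CA so the script runs offline; in real use the CSR is submitted to the CA instead of running that step.

```shell
#!/usr/bin/env bash
# Added example: FQDN, subject and passphrase below are hypothetical placeholders.
umask 077                                # keep key material private to this user
WORK=$(mktemp -d)
FQDN="webauth.example.com"               # placeholder: name the clients will see
P12_PASS="ChangeMe-Placeholder"          # placeholder: passphrase needed at import

make_csr() {                             # private key + CSR generated off the switch
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/switch.key" -out "$WORK/switch.csr" \
    -subj "/CN=$FQDN/O=Example Org/C=US" >/dev/null 2>&1 || return 1
  # Confirm the CSR's self-signature before sending it anywhere.
  openssl req -in "$WORK/switch.csr" -noout -verify >/dev/null 2>&1
}

sign_with_test_ca() {                    # constructed stand-in for the public CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Constructed Test CA" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$WORK/switch.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/switch.crt" >/dev/null 2>&1
}

key_matches_cert() {                     # same public key in key file and certificate?
  local k c
  k=$(openssl pkey -in "$WORK/switch.key" -pubout | openssl sha256)
  c=$(openssl x509 -in "$WORK/switch.crt" -pubkey -noout | openssl sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

make_p12() {                             # bundle key, cert and CA cert for import
  openssl pkcs12 -export -inkey "$WORK/switch.key" -in "$WORK/switch.crt" \
    -certfile "$WORK/ca.crt" -name "$FQDN" \
    -passout "pass:$P12_PASS" -out "$WORK/switch.p12" || return 1
  # Re-open the bundle and print how many certificates it carries.
  openssl pkcs12 -in "$WORK/switch.p12" -passin "pass:$P12_PASS" -nokeys \
    2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

make_csr && sign_with_test_ca && key_matches_cert && make_p12 >/dev/null \
  && echo "bundle ready: $WORK/switch.p12"
```

The private key never leaves the machine that ran the script until the PKCS#12 file is transferred, so that file and its passphrase need the same handling as the key itself.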