Firepower Management Center 4000 - CIMC interface - Create CSR with OU fields & extension options set
We are deploying Firepower Management Center 4000 appliances (Cisco Part Number: FS4000-K9).
As part of our system deployment we are looking to install our own CA signed PKI certificates on our network equipment.
Our IT security requirements are that we define certain extended options on our certificates e.g. multiple "OU" fields and "v3_req" extension options.
On the Cisco FMC main Ethernet GUI these fields are not options for input. However, as OpenSSL exists on the CLI, we have created an OpenSSL config file which we use as an input, enabling us to create a CSR with these options which can be signed and returned (using WinSCP for the transfer of files to and from the chassis). As a result we can successfully install the required signed certificate to the main Ethernet interface of the FMC.
However, the CIMC (LOM) interface of the FMC 4000 also requires these extended options but does not have OpenSSL. I have tried various things to apply a cert, as summarised below:
o I have attempted to create a CSR on the FMC, which I have then had signed, then attempted to apply with the key to the CIMC; this errors as the CIMC doesn’t have a CSR to confirm the cert against.
o I combined the KEY and CER files in a PFX; the CIMC would not accept this file.
o I have tried to browse the file system, in the hope of manually inserting CSR files, but this is not possible from what I can see.
We need to know if it’s possible to create a CSR locally with the options we require, or to create the necessary CSR on another system and use that with the CIMC interface.
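
The approach the post describes for the FMC's main interface (an OpenSSL config file that yields a CSR with multiple OU fields and v3_req extensions), written out as an added example that is not the poster's own config; the organisation, OU, host name and address values are constructed placeholders. It also shows the public-key comparison that decides whether a given key pairs with a CSR; whether the CIMC will accept a CSR or key generated elsewhere is the open question of the post and is not settled here.

```shell
#!/usr/bin/env bash
# Added example: build a CSR carrying several OU values and v3_req extensions.
# All names below (org, OUs, host name, IP) are constructed placeholders.

make_csr() {
  # $1 = working directory; writes req.cnf, device.key and device.csr there
  local dir="$1"
  cat > "$dir/req.cnf" <<'EOF'
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
C    = US
O    = Example Org
# Numeric prefixes let the same attribute appear more than once
0.OU = Network Operations
1.OU = Security Engineering
CN   = fmc-cimc.example.internal

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = fmc-cimc.example.internal
IP.1  = 192.0.2.10
EOF
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$dir/req.cnf" \
    -keyout "$dir/device.key" -out "$dir/device.csr" 2>/dev/null
}

csr_text() {
  # Decode the CSR so the subject and requested extensions can be reviewed
  openssl req -in "$1/device.csr" -noout -text
}

key_matches_csr() {
  # A CSR (and the cert issued from it) only pairs with the key that made it
  local a b
  a=$(openssl req -in "$1/device.csr" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$1/device.key" -pubout | openssl sha256)
  [ "$a" = "$b" ]
}
```

Reviewing the `csr_text` output before submission confirms that both OU values and the requested extensions are present; the issuing CA's policy still decides which requested extensions are copied into the signed certificate.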