We are deploying Firepower Management Center 4000 appliances (Cisco Part Number: FS4000-K9)

As part of our system deployment we are looking to install our own CA signed PKI certificates on our network equipment.

Our IT security requirements are that we define certain extended options on our certificates e.g. multiple "OU" fields and "v3_req" extension options.

On the Cisco FMC main Ethernet GUI these fields are not options for input, however, as OpenSSL exists on the CLI we have created an OpenSSL config file which we use as an input, enabling us to create a CSR with these options which can be signed and returned (using WinSCP for the transfer of files to and from the chassis). As a result we can successfully install the required signed certificate to the main ethernet interface of the FMC.

However, in relation to the CIMC (LOM) interface of the FMC 4000, which also requires these extended options, but does not have OpenSSL. I have tried various things to apply a cert - as summarised below:

o I have attempted to create a CSR on the FMC, which I have then had signed, then attempted to apply with the key to the CIMC, this errors as the CIMC doesn’t have a CSR to confirm the cert against.

o Combine the KEY and CER files in a PFX, the CIMC would not accept this file.

o I have tried to browse the file system, in the hope of manually inserting CSR files, but this is not possible from what I can see.

We need to know if it’s possible to create a CSR locally with the options we require, or to create the necessary CSR on another system and use that with the CIMC interface.