Firepower Management Center 4000 - CIMC interface - Create CSR with OU fields & extension options set
We are deploying Firepower Management Center 4000 appliances (Cisco Part Number: FS4000-K9).
As part of our system deployment we are looking to install our own CA-signed PKI certificates on our network equipment.
Our IT security requirements are that we define certain extended options on our certificates e.g. multiple "OU" fields and "v3_req" extension options.
On the Cisco FMC main Ethernet GUI these fields are not options for input. However, as OpenSSL exists on the CLI, we have created an OpenSSL config file which we use as an input, enabling us to create a CSR with these options which can be signed and returned (using WinSCP for the transfer of files to and from the chassis). As a result we can successfully install the required signed certificate to the main Ethernet interface of the FMC.
However, the CIMC (LOM) interface of the FMC 4000, which also requires these extended options, does not have OpenSSL. I have tried various things to apply a cert, as summarised below:
o I have attempted to create a CSR on the FMC, which I have then had signed, then attempted to apply with the key to the CIMC; this errors as the CIMC doesn’t have a CSR to confirm the cert against.
o Combine the KEY and CER files in a PFX, the CIMC would not accept this file.
o I have tried to browse the file system, in the hope of manually inserting CSR files, but this is not possible from what I can see.
We need to know if it’s possible to create a CSR locally with the options we require, or to create the necessary CSR on another system and use that with the CIMC interface.
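An OpenSSL request configuration of the kind the post describes for the FMC CLI, as an added example that is not part of the original post or the poster's own file. The subject values, host name, key-usage choices and file names are constructed placeholders, and it covers only the OpenSSL-side CSR, not the CIMC.

```shell
#!/bin/sh
# Added example: CSR with two OU fields and a v3_req extension section.
# Every subject value, host name and file name here is a constructed placeholder.

# make_csr DIR: write csr.cnf, device.key and device.csr into DIR.
make_csr() {
    dir=$1
    cat > "$dir/csr.cnf" <<'EOF'
[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
C    = US
O    = Example Corp
# A numeric prefix lets the same attribute appear more than once.
0.OU = Network Operations
1.OU = Security Engineering
CN   = fmc.example.test

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = fmc.example.test
EOF
    # umask 077 keeps the new private key unreadable by other local users.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$dir/csr.cnf" \
          -keyout "$dir/device.key" -out "$dir/device.csr" 2>/dev/null )
}

# show_csr FILE: check the request's self-signature, then print its decoded
# fields so the OU entries and requested extensions can be reviewed before signing.
show_csr() {
    openssl req -in "$1" -noout -verify 2>/dev/null &&
    openssl req -in "$1" -noout -text
}

out=$(mktemp -d)
make_csr "$out" && show_csr "$out/device.csr"
```

The extensions in a CSR are a request; the signing CA's policy decides which of them appear in the issued certificate.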