02-27-2013 11:29 AM
Hello,
Could you help me on resolving problem with creating Certificate Signing Request for Cisco LMS?
I performed the following actions for it creating:
1. I created Self-signed certificate using the following link: Admin/Trust Management/Local Server/ Certificate Setup
There I filled field and pushed Apply
2. Then I restarted the Daemon Manager and entered to folder \NMSroot\MDC\Apache\conf\ssl. Where I opened the file server.csr via notepad and copied the text :
-----BEGIN CERTIFICATE REQUEST-----
.........
-----END CERTIFICATE REQUEST-----
5. After that I pasted the copied text to our CA for signed. I was using the certificate template - Web server with private key. Now I get the error :
Certificate Request Denied
Your certificate request was denied. Your Request Id is 13525. The disposition message is "Denied by Policy Module The certificate validity period will be shorter than the WebServerwithPrivateKey Certificate Template specifies, because the template validity period is longer than the maximum certificate validity period allowed by the CA. Consider renewing the CA certificate, reducing the template validity period, or increasing the registry validity period. ".
Could you help me how I can change the certificate validity period?
Could I perform this when I generate self-signed certificate in LMS?
Thank you in advance
02-27-2013 12:53 PM
The certificate setup menu choice you used is designed only to setup self-signed certificates. those are for 5 years and not configurable beyond the standard fields presented in the GUI.
To installl a 3rd party certificate, please use the SSL Utility perl script that is provided with the server and accessible from the command line interface. Further details are in the Admin Guide here.
02-27-2013 09:58 PM
Thank you for reply.
But I can not understand how I can create a certificate request so that then paste it and sign on our CA.
As I see I can only import certificate from CA with using the SSL Utility
02-28-2013 05:28 AM
You can use openssl to create a CSR.
03-03-2013 10:37 PM
Thank you for help. It's OK.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide