cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

563
Views
0
Helpful
6
Replies
Beginner

Generate CSR-install certificate (cisco router)

Dears,

 

i need to generate a CSR from a cisco router.

once done, retreive this CSR from the router and give it to a company to sign it.once signed, install the new certificate on the router.

 

kindly , if you can provide me a detailed step-by-step on how to do it (based on an cli example).

 

Do i need a name of a domain? Etc...

 

thank you.

 

6 REPLIES 6
VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Generate CSR-install certificate (cisco router)

Hi,

This post covers how to generate a CSR on a Cisco router using SCEP or manually using terminal.


HTH

Beginner

Re: Generate CSR-install certificate (cisco router)

Dear,

 

thank you for the above, but in my case we don’t have windows CA server and we are not responsible on signing the CSR.

 

all that i want is the exact command cli step on the router to generate the CSR.(then we will give the CSR to the client to sign it).once signed, we need the command line exact step to install the (entrust certificate ) in the router.

 

thank you

VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Generate CSR-install certificate (cisco router)

That's fine, just ignore the section about signing the certificate - all the commands are there. Here is a break down of the commands:-

 

Ensure the Trustpoint is configured to use enrollment terminal

 

crypto pki trustpoint <TRUSTPOINT-NAME>
 enrollment terminal

Acquire the Root certificate and copy and paste the contents of the ROOT certificate into the console session:

 

crypto pki authenticate <TRUSTPOINT-NAME>

 

Enroll the certificate to generate the CSR

 

crypto pki enroll <TRUSTPOINT_NAME>

 

Copy the contents of the CSR and save to file .e.g. routerreq.csr 

Send the certificate off to the CA to get signed

 

Once signed, open the signed certificate filename.cer in notepad and copy the contents


On the router run the command crypto pki import certificate

 

HTH

Highlighted
Beginner

Re: Generate CSR-install certificate (cisco router)

Hi,

Thank you for the below.

I already did a summary step by step.

 

Kindly confirm the attached document.

 

VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Generate CSR-install certificate (cisco router)

You'll want to change the fqdn and subject-name to be more relevant to your company.

 

The trustpoint name <TRUSTPOINT_NAME> would need to match the real name of whatever you define the trustpoint. In your doc you re-used the example from the link I provided, which was LAB_PKI. So whenever you see <TRUSTPOINT_NAME> replace with LAB_PKI are whatever you plan on calling it.

 

HTH

Beginner

Re: Generate CSR-install certificate (cisco router)

Hi,

 

sure sure.

i just put an example that i will follow step by step. Regarding the naming , i will change it.

thank you.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here