I need to generate a CSR from a Cisco router.
Once done, retrieve this CSR from the router and give it to a company to sign it. Once signed, install the new certificate on the router.
Kindly, if you can provide me a detailed step-by-step on how to do it (based on a CLI example).
Do I need a name of a domain? Etc...
Thank you for the above, but in my case we don't have a Windows CA server and we are not responsible for signing the CSR.
All that I want is the exact CLI command steps on the router to generate the CSR (then we will give the CSR to the client to sign it). Once signed, we need the exact command-line steps to install the (Entrust certificate) in the router.
That's fine, just ignore the section about signing the certificate - all the commands are there. Here is a breakdown of the commands:
Ensure the Trustpoint is configured to use enrollment terminal
crypto pki trustpoint <TRUSTPOINT_NAME>
 enrollment terminal
Acquire the Root certificate and copy and paste the contents of the ROOT certificate into the console session:
crypto pki authenticate <TRUSTPOINT_NAME>
Enroll the certificate to generate the CSR
crypto pki enroll <TRUSTPOINT_NAME>
Copy the contents of the CSR and save to a file, e.g. routerreq.csr
Send the certificate off to the CA to get signed
Once signed, open the signed certificate filename.cer in Notepad and copy the contents
On the router run the command crypto pki import <TRUSTPOINT_NAME> certificate
You'll want to change the fqdn and subject-name to be more relevant to your company.
The trustpoint name <TRUSTPOINT_NAME> would need to match the real name of whatever you define the trustpoint. In your doc you re-used the example from the link I provided, which was LAB_PKI. So whenever you see <TRUSTPOINT_NAME> replace with LAB_PKI or whatever you plan on calling it.
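
The steps above as one console session, added here as an illustration and not taken from the original posts. LAB_PKI is the trustpoint name used in the thread; the key label, FQDN and subject values are constructed placeholders to replace with your own.

```cisco
! Added example. LAB_PKI_KEY, router1.example.com and the subject
! fields are constructed placeholders, not values from the thread.
configure terminal
!
! Dedicated 2048-bit RSA key pair that the CSR will be built from.
crypto key generate rsa label LAB_PKI_KEY modulus 2048
!
! Trustpoint set for manual (copy/paste) enrollment in PEM format.
crypto pki trustpoint LAB_PKI
 enrollment terminal pem
 fqdn router1.example.com
 subject-name CN=router1.example.com,O=Example Corp,C=US
 rsakeypair LAB_PKI_KEY
 exit
!
! Install the CA certificate: paste the PEM text, then type "quit"
! on a line by itself. The router prints the certificate fingerprint
! and asks whether to accept it. Compare that fingerprint with the
! value obtained from the CA through a separate channel before
! answering yes.
crypto pki authenticate LAB_PKI
!
! Generate the CSR: answer the prompts, then copy the displayed
! certificate request into a file such as routerreq.csr and send
! it to the CA for signing.
crypto pki enroll LAB_PKI
!
! After the CA returns the signed certificate: paste its PEM text,
! then type "quit" on a line by itself.
crypto pki import LAB_PKI certificate
end
!
! Confirm that the CA and router certificates are installed and
! check their subject names and validity dates.
show crypto pki certificates LAB_PKI
show crypto pki trustpoints LAB_PKI status
```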
I just put an example that I will follow step by step. Regarding the naming, I will change it.