Hi, I am not sure if this is the right place for the question...
I followed some link to generate key, then a CSR. Then I went to the MS cert server and obtained a cert (with the webserver template). Then I imported the cert in my router.
GIR02-70#show crypto pki certificates verbose INT-IT-00-CER-PRO1-CA
CA Certificate
Status: Available
Version: 3
Certificate Serial Number (hex): 5B0001BCFFFAFE2C330CBE2C1C00020001BCFF
Certificate Usage: General Purpose
Issuer:
cn=int-IT-00-CER-PRO1-CA
dc=int
dc=pason
dc=com
Subject:
cn=gir02-70.int.pason.com
ou=DigitComm
o=Pason Systems Corp
st=Alberta
c=CA
hostname=gir02-70.int.pason.com
CRL Distribution Points:
ldap:///CN=int-IT-00-CER-PRO1-CA(1),CN=it-00-cer-pro1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=int,DC=pason,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
http://pki.int.pason.com/CertEnroll/int-IT-00-CER-PRO1-CA(1).crl
Validity Date:
start date: 19:53:35 CST Jan 7 2021
end date: 19:53:35 CST Jan 7 2023
Subject Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Signature Algorithm: SHA256 with RSA Encryption
Fingerprint MD5: 82AB5A87 1F3FCE9F DD639091 54B91A5D
Fingerprint SHA1: 1D796A63 2D226AD6 ACB05632 83AFA795 FAA44D0D
X509v3 extensions:
X509v3 Key Usage: A0000000
Digital Signature
Key Encipherment
X509v3 Subject Key ID: 72CD118A 9329BEB4 BA1F6D85 9B3FF674 8078C697
X509v3 Authority Key ID: 45A247A8 5B651807 1C597099 3D421F1C C5CCBD24
Authority Info Access:
CA ISSUERS: ldap:///CN=int-IT-00-CER-PRO1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=int,DC=pason,DC=com?cACertificate?base?objectClass=certificationAuthority
CA ISSUERS: http://pki.int.pason.com/CertEnroll/it-00-cer-pro1.int.pason.com_int-IT-00-CER-PRO1-CA(2).crt
Extended Key Usage:
Server Auth
Associated Trustpoints: INT-IT-00-CER-PRO1-CA
Now, how do I specify it to be used with the http secure-server? When I open the browser with the router's hostname, I still see it using the original self-signed cert.
Thanks,
Difan