Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3844
Views
0
Helpful
7
Replies

Cisco ACS 5.3 Certificate Request

Mike Lehmann
Level 1
Level 1

‎09-24-2012 02:19 AM - edited ‎03-10-2019 07:34 PM

I try to generate a certificate request in Cisco ACS 5.3 Web GUI via

System Administration >  Configuration >  Local Server Certificates >  Local Certificates > Add > Generate Certificate Signing Request .

The DN we have to use is specified by our CA-Administrator to something like

"O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .

(spaces, brackets, ... but this is the requirement)

So my input in the field Certificate Subject is "CN= myserver.mcit.com,O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE" .

(Key Length=2048, Digest=SHA1)

But then I get an error: Certificate Validation Error: "Invalid certificate subject DN name"

When I omit ST attribute it creates a request, but due to CA requirements I cannot.

The length of DN is 101.

Event without round brackets "(..)" the error occurs.

Some ideas?

Labels:
0 Helpful
7 Replies 7

Tarik Admani
VIP Alumni
VIP Alumni

‎09-24-2012 06:10 AM

Your best bet is to use openssl to generate a CSR. Once you receive the signed cert import the cert and the intermediate and root certs along with the private key.

Let me know if you need help with that.

Sent from Cisco Technical Support Android App

0 Helpful

Mike Lehmann
Level 1
Level 1
In response to Tarik Admani

‎09-24-2012 06:18 AM

Ok, I could generate a certificate request with openssl on an separate linux box.

Then I think to import the signed certificate file I have to go to

System Administration >  ... >  Configuration >  Local Server Certificates >  Local Certificates  >  Create > Bind CA Signed Certificate... , right ?

But where I can import the private key ?

As far as I understand by using the GUI the private key is created and later bound automatically to the signed cert but it is not directly accessible.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎09-24-2012 06:40 AM

You will have to import the certificate. It will ask for the private key and private key password along with the cert.

Sent from Cisco Technical Support Android App

0 Helpful

hkhrais
Level 1
Level 1

‎09-24-2012 01:56 PM

Hi ,

It's not bind CA certificate . It's the first option which is import seever certificate option

HTH

Sent from Cisco Technical Support Android App

0 Helpful

Mike Lehmann
Level 1
Level 1
In response to hkhrais

‎09-26-2012 12:15 AM

Unfortunately it's not working.

I created a certificate (request and private key) on a linux box with openssl and sent the cert to our CA for signing.

Now I tried to import the signed cert with

System Administration >  ... >  Configuration >  Local Server Certificates >  Local Certificates  >  Create > Import Server Certificate, with my cert.pem and privkey.pem files and the password from request generation.

I get an error "Certification Validation Error: Invalid private key"

Request generation with the GUI wasn't possible - I suspect the ST attribute (without it is possible).

As already mentioned our CA requires a DN like "O=my-company-for IT Service (mcIT),L=Berlin,ST=Berlin,C=DE"

ST is mandatory.

Does anybody an idea to solve this crux?

best regards

ML

0 Helpful

Ossama El Abbadi
Level 1
Level 1
In response to Mike Lehmann

‎01-17-2013 12:53 AM

Hi Mike,

I have the same problem, have you solved it ?

0 Helpful

Mike Lehmann
Level 1
Level 1
In response to Ossama El Abbadi

‎01-17-2013 04:58 AM

Using "S=" instead of "ST=" worked for me.

b.r.

0 Helpful
Customers Also Viewed These Support Documents