Please be advised, the GuideMe Wizard is no longer available on the Small Business Support Community. For search capability please use the community search field to find content related to Cisco Small Business documents, videos, and discussions.
Certificate Signing Request (CSR) for signed SSL Certificates for SPA Voice products
-- The SPA Phones and ATAs support mutual SSL authentication [SSLVerifyClient require] based on certificates signed by Cisco.
This document describes the certificate signing (CSR) process, what to do, where to run commands, and what information you must provide. -----------------------------------------------------
You must generate a Certificate Signing Request (CSR) as part of the certificate signing process.
The CSR identifies and describes your organization.
Your web server needs a private key in order to generate a CSR. This document helps you create a private key on the web server in step A1.
This private key is private to you and your web server. Do not share it with anyone! Do not include your private key in your CSR email request in step B1.
When generating the CSR in step A2, you will be asked for a "CN" (Common Name, also sometimes called "your name" depending on the operating system on your web server) This name is used to uniquely identify the web server so the name must use fully qualified domain name (FQDN) syntax.
During the SSL authentication handshake, the SPA device will verify that the certificate it receives, is indeed from the machine who presents it, this can only be accomplished with a FQDN.
For example, if your server's hostname is proserv and your domain is domain.com, then provserv.domain.comis the fully qualified CN to submit.
Step A: Creating the CSR ------------ Use the opensource "openssl" utility to generate a private key in step 1 and then generate your CSR. Both steps 1 and 2 must be run on the web server.
1. Generate a private key which you will use to generate the certificate signing request
webserver# openssl genrsa -out <file.key> 2048
2. Generate the CSR using the private key that you just created.
IMPORTANT: When prompted for an email address, you must provide a valid email address so Cisco can contact you if needed.
This email address will be visible in this CSR. Cisco will notprocess the CSR without a valid email address.
Step B: Preparing the Certificate to send to your sales representative ----------- 1. Compress the CSR with the zip utility to prevent email servers from truncating the CSR. [Do not include the web server's private key)
2. List the devices for which you require the certificate, for example: SPA3xx, SPA5xx, SPA9XX, WRPXXX, RTPXXX, WRTPXXX, and WAGXXX [This tells Engineering what devices to include in the combinedca.crt certificate for client authentication]
3. Email the CSR and device list to your Cisco sales representative.
Having hard time connecting to vpn from windows 10Gateway to gatway works OK but I need to allow few users to log in from laptops and nothing works. Tried win10 vpn setup as well as quickVPN and still no luck.Tried this but still no luck:https://www.cisco...
Im facing a weird scenario which I don't really know if its a misconfiguration. Having a network with a C3750G switch for inter-vlan routing and c2960 switches for access, the network was working fine.the company decided to extend the switch ports an...
Hello, I do not have any experience with Cisco R&S and I have to change the following interface configuration to be 192.168.20.xxx instance of 192.168.5.xxxThanks in Advance. interface Vlan1
ip address 192.168.5.241 255.255.2...
i have this switch and i have ubiquiti Access point ( unify ac lite ) see attached photothis AP wirks using POe ports. i cant power any AP. i read that class and limitaions found and i know my access works on 6.5 wt but i do no know how to change to class...