Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
1
Replies

CUBE Certificate Generation Issue

kyle.hanson
Level 1
Level 1

‎10-06-2021 09:57 PM - edited ‎10-07-2021 06:42 AM

Trying to generate a security certificate for our Cisco Cube, an ASR1001 running v15.4(3)S3, and it won't allow me to add an alternative name for the crypto pki trustpoint step. Here is what I am trying to configure...

 

conf t

crypto pki trustpoint XXX
enrollment terminal
fqdn XXX.YYY.ZZZ.com
subject-name cn=XXX.YYY.ZZZ.com
subject-alt-name XXX.ZZZ.com
subject-alt-name ThematicName.ZZZ.com
revocation-check crl
rsakeypair XXX

 

The error comes in at the subject-alt-name step, saying

 

% Ambiguous command: "Subject Alt Name can be configured only for self signed certificates. So, specify the enrollment type as self signed prior to configuring this."

 

These steps are all laid out in the Cisco document here (https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/direct-routing-with-cube.pdf) and I have tested these in a lab with a C2921 (which is not supported by Teams Voice so we could only run the commands) and this error did not come up. Is there a limitation on this model or software version?

Labels:
0 Helpful
1 Reply 1

Roger Kallberg
VIP
VIP

‎10-08-2021 09:49 AM

If you are not using the very latest version of IOS for this platform I would recommend you to upgrade. However you should be advised that this platform is end of support and therefore would not be recommended to use for any services.



Response Signature


0 Helpful
Customers Also Viewed These Support Documents