cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
896
Views
0
Helpful
3
Replies

Change contry code on 1941 router

Tommy Svensson
Level 1
Level 1

Hi.

I am trying to install SSL VPN on our 1941 router. When i try to send a CSR for signing the site complains about the country code not being correct. How can i change the contry code in Cisco IOS  Version 15.0(1r)M9 ?

It is also complaining about the domainname, but the thing right now is the contry code.

Hoping someone could shine some light on this matter.

Regards Tommy Svensson

1 Accepted Solution

Accepted Solutions

Tommy,

Maybe your CA server requires that both domain and country code is present?

I don't see any clear fault on router's side.

Try to add something like this in trustpoint.

subject-name CN=$HOSTNAMENAME.$MYDOMAIN.$TLD,OU=$OU_NAME,C=$TWO_LETTER_COUNTRY_CODE

And generate CSR again.

Marcin

View solution in original post

3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Tommy,

Show us what you've configured under trustpoint.

Note that country code should be based on ISO.

http://en.wikipedia.org/wiki/ISO_3166-1

Marcin

This is what ive configure under trustpoint so far.

router#show runcrypto pki trustpoint SSL-CERT
enrollment terminal
revocation-check crl
rsakeypair MY-KEY

This is what i did to enroll the request to be signed:

Router(config)#crypto key generate rsa label MY-KEY modulus 2048

Router(config)#crypto ca trustpoint SSL-CERT

Router(ca-trustpoint)#rsakeypair MY-KEY

Router(ca-trustpoint)#enrollment terminal

Router(config)#crypto ca enroll SSL-CERT

% Start certificate enrollment ..

% The subject name in the certificate will include: Router

% Include the router serial number in the subject name? [yes/no]: n

% Include an IP address in the subject name? [no]: n

Display Certificate Request to terminal? [yes/no]: y

Under here the key showed up for me to paste into my browser.

Tommy,

Maybe your CA server requires that both domain and country code is present?

I don't see any clear fault on router's side.

Try to add something like this in trustpoint.

subject-name CN=$HOSTNAMENAME.$MYDOMAIN.$TLD,OU=$OU_NAME,C=$TWO_LETTER_COUNTRY_CODE

And generate CSR again.

Marcin