Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
856
Views
0
Helpful
3
Replies

Change contry code on 1941 router

Go to solution
Tommy Svensson
Level 1
Level 1

ā€Ž05-04-2011 01:32 AM

Hi.

I am trying to install SSL VPN on our 1941 router. When i try to send a CSR for signing the site complains about the country code not being correct. How can i change the contry code in Cisco IOS  Version 15.0(1r)M9 ?

It is also complaining about the domainname, but the thing right now is the contry code.

Hoping someone could shine some light on this matter.

Regards Tommy Svensson

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Tommy Svensson

ā€Ž05-04-2011 02:52 AM

Tommy,

Maybe your CA server requires that both domain and country code is present?

I don't see any clear fault on router's side.

Try to add something like this in trustpoint.

subject-name CN=$HOSTNAMENAME.$MYDOMAIN.$TLD,OU=$OU_NAME,C=$TWO_LETTER_COUNTRY_CODE

And generate CSR again.

Marcin

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

ā€Ž05-04-2011 02:37 AM

Tommy,

Show us what you've configured under trustpoint.

Note that country code should be based on ISO.

http://en.wikipedia.org/wiki/ISO_3166-1

Marcin

0 Helpful

Go to solution
Tommy Svensson
Level 1
Level 1
In response to Marcin Latosiewicz

ā€Ž05-04-2011 02:43 AM

This is what ive configure under trustpoint so far.

router#show runcrypto pki trustpoint SSL-CERT
enrollment terminal
revocation-check crl
rsakeypair MY-KEY

This is what i did to enroll the request to be signed:

Router(config)#crypto key generate rsa label MY-KEY modulus 2048

Router(config)#crypto ca trustpoint SSL-CERT

Router(ca-trustpoint)#rsakeypair MY-KEY

Router(ca-trustpoint)#enrollment terminal

Router(config)#crypto ca enroll SSL-CERT

% Start certificate enrollment ..

% The subject name in the certificate will include: Router

% Include the router serial number in the subject name? [yes/no]: n

% Include an IP address in the subject name? [no]: n

Display Certificate Request to terminal? [yes/no]: y

Under here the key showed up for me to paste into my browser.

0 Helpful

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Tommy Svensson

ā€Ž05-04-2011 02:52 AM

Tommy,

Maybe your CA server requires that both domain and country code is present?

I don't see any clear fault on router's side.

Try to add something like this in trustpoint.

subject-name CN=$HOSTNAMENAME.$MYDOMAIN.$TLD,OU=$OU_NAME,C=$TWO_LETTER_COUNTRY_CODE

And generate CSR again.

Marcin

0 Helpful
Customers Also Viewed These Support Documents