
How can I install an OpenSSL certificate chain on a Cisco router?

MrBeginner
Spotlight

Hi,

I would like to ask how I can use an OpenSSL certificate on a Cisco router without generating the CSR on the router.

I will generate the CSR and certificate key with openssl and sign it with openssl or another CA.

How do I install this certificate chain on a Cisco router? This approach can be used on a Firepower firewall and is already tested for a web server certificate.

I have experience creating a trustpoint on a Cisco router, generating a CSR, having it signed by a CA and installing it back. That is no issue for me.

Now I just want to confirm: if I generate the CSR and key with openssl and sign it with openssl or another CA, I will install it back on the router and use this certificate for IPsec. Is it possible?

5 Replies

@MrBeginner generate the CSR using openssl, get the certificate signed. Bundle the certificates and key into a PKCS12 file with a password, then import the PKCS12 into the router.

Hi @Rob Ingram ,

Can I import my private key using crypto key import rsa?

And then I will also point to this key name under my trustpoint using the rsakeypair xxx command.

And I will install the certificate of this key pair, and I will use this trustpoint in the IKE profile using the pki trustpoint xxx command. Is it possible on IPsec VPN?

@MrBeginner you create an RSA keypair and a trustpoint (which references the RSA keypair), then import the PKCS12 to the trustpoint. You can then refer to the trustpoint in the VPN configuration.

Hi,

If I generate the CSR using openssl, get the certificate signed, bundle the certificates and key into a PKCS12 file with a password, then import the PKCS12 into the router,

how do I use this certificate in the VPN configuration? I cannot find the command to use those installed certs.

 

@MrBeginner so assuming you've imported the certificate to the router, you'd reference the trustpoint name.

In this FlexVPN example below, the trustpoint is referenced under the IKEv2 profile.

 

crypto ikev2 profile IKEV2_PROFILE
 pki trustpoint LAB_PKI
 authentication local rsa-sig
 authentication remote rsa-sig
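
The off-router part of the procedure described in the replies above (key and CSR from openssl, signed by a CA, bundled with the chain into a password-protected PKCS12), as an added example that is not part of the original thread. The lab CA, subject names, file names and the P12_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. CA name, subject, file names and password are constructed.
set -eu
umask 077   # private keys and the bundle stay readable by the owner only

# Build ca.crt, router.key, router.crt and router.p12 in directory $1.
# The PKCS12 password is read from the environment variable P12_PASS.
make_router_p12() {
    d=$1
    # Lab root CA, standing in for "openssl or other CA" in the thread.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Lab CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Router key pair and CSR, generated off the router.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=router1.example.test" \
        -keyout "$d/router.key" -out "$d/router.csr" 2>/dev/null
    # The CA signs the CSR.
    openssl x509 -req -in "$d/router.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -sha256 -out "$d/router.crt" 2>/dev/null
    # Refuse to bundle unless the chain verifies and the key matches the cert.
    openssl verify -CAfile "$d/ca.crt" "$d/router.crt" >/dev/null
    key_matches_cert "$d/router.key" "$d/router.crt"
    # Certificate, CA chain and private key in one password-protected file.
    openssl pkcs12 -export -name router1 -inkey "$d/router.key" \
        -in "$d/router.crt" -certfile "$d/ca.crt" \
        -passout env:P12_PASS -out "$d/router.p12"
}

# Succeeds only if private key $1 and certificate $2 share a public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Number of certificates inside PKCS12 file $1 (identity plus chain).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Run as: P12_PASS='...' sh make_p12.sh /path/to/empty/dir
if [ "$#" -eq 1 ]; then
    make_router_p12 "$1"
    echo "certificates in bundle: $(p12_cert_count "$1/router.p12")"
fi
# The bundle is then imported on the router into a trustpoint, for example
# (URL and password are placeholders):
#   crypto pki import LAB_PKI pkcs12 <url> password <password>
```

If a router rejects a bundle written by OpenSSL 3, re-exporting with `-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1` is a common workaround; whether the router in this thread needs it is an assumption.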