Manually generate a CSR on PIX Running V6 Software

cjitnet
Level 1

Hello All.

I need to create a site to site VPN tunnel using Verisign SSL certificates instead of a pre-shared key.

The V6 software on the PIX only has configuration instructions to configure it to use SCEP (Simple Certification Enrollment Process). However, Verisign have stated that they no longer support SCEP and that you must manually generate a CSR on the device and copy and paste the result onto their web page when purchasing the certificate.

The question is:

Can you manually generate a CSR on a PIX firewall running V6 software?

It seems possible to do this using V7 Software, however I am using a PIX506E which cannot be upgraded to V7.

If anyone can let me know the answer to my question, that would be most appreciated.

Thanks in advance

Chris

1 Reply

hadbou
Level 5

A certificate signing request (CSR) is required in order for the third party CA to issue an identity certificate. The CSR contains your ASA's distinguished name (DN) string along with the ASA's generated public key. The ASA uses the generated private key to digitally sign the CSR.

Refer to the following URL for more info on generating RSA:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080930f21.shtml#step2
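
The structure the reply describes (DN plus public key, signed with the matching private key) can be checked on any CSR before it is pasted into a CA's enrollment page. This is an added example, not from the thread or from Cisco's documentation; it uses OpenSSL on a workstation rather than the PIX/ASA CLI, and the subject name and file names are constructed.

```shell
#!/bin/sh
# Added illustration: build a PKCS#10 CSR and check the properties named in
# the reply above. Subject DN and file names are constructed for the example.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/device.key"
CSR="$WORKDIR/device.csr"
SUBJECT="/C=GB/O=Example Ltd/CN=vpn-gw.example.com"   # constructed DN

make_csr() {
    # Generate the RSA key pair; the private half stays in $KEY, owner-only.
    openssl genrsa -out "$KEY" 2048 2>/dev/null
    chmod 600 "$KEY"
    # The request carries the DN and the public key, signed with the private key.
    openssl req -new -key "$KEY" -subj "$SUBJECT" -out "$CSR"
}

csr_signature_ok() {
    # Proof of possession: the self-signature must verify under the embedded key.
    # Match on the message because older OpenSSL exits 0 even on failure.
    out="$(openssl req -in "$CSR" -noout -verify 2>&1 || true)"
    case "$out" in
        *"verify OK"*) return 0 ;;
        *) return 1 ;;
    esac
}

csr_common_name() {
    # Print the CN the CA will see in the request's subject.
    openssl req -in "$CSR" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

csr_matches_key() {
    # The public key in the CSR must be the one derived from our private key,
    # otherwise the issued certificate will not be usable with that key.
    from_csr="$(openssl req -in "$CSR" -noout -pubkey | openssl sha256)"
    from_key="$(openssl pkey -in "$KEY" -pubout | openssl sha256)"
    [ "$from_csr" = "$from_key" ]
}

make_csr
csr_signature_ok && csr_matches_key &&
    echo "CSR for $(csr_common_name): signature verifies, key pair matches"
```

Only the CSR file is sent to the CA; the private key file never leaves the host that generated it.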