Solved: Private Key for CSR generated on Cisco FMC

rjshec001 · ‎10-03-2023

Dear All,

I have generated CSR on Cisco FMC, Can I get the private key for the generated CSR?

Thanks,

Rajesh.

Rob Ingram · ‎10-03-2023

@rjshec001 why do you need the private key? It's contained within the trustpoint you've created, I don't believe you can export it.

You need to send the CSR to be signed by the CA, when they provide the signed identity certificate you need to import it (as per the screenshot provided).

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

View solution in original post

Rob Ingram · ‎10-03-2023

@rjshec001 why do you need the private key? It's contained within the trustpoint you've created, I don't believe you can export it.

You need to send the CSR to be signed by the CA, when they provide the signed identity certificate you need to import it (as per the screenshot provided).

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

rjshec001 · ‎10-03-2023

@Rob Ingram , I got the point.

why do you need the private key? - I have deleted that trust point associated with CSR which sent to CA. CA sent the certificates and while importing the new trust point key is not matching with certificate.

Now I will share the CSR associated with new trust point with CA for resign.

Thanks.

Marvin Rhoads · ‎10-03-2023

If you need the private key outside of the FMC then you would need to use an external tool like openssl or XCA to generate the CSR.

But, as @Rob Ingram noted, it's really not necessary.