SearchSupportDocsFree trial
Contact us
Tech Documents

How to Generate Certificate Signing Request on Cisco VPN 3000

This article will go into detail on how to generate certificate signing request on Cisco VPN 3000.

September 26, 2018

Step 1. In the Administration | Certificate Management screen. Click Click here to Enroll with a Certificate Authority. The Administration | Certificate Management | Enroll screen displays.

Figure 1 Administration | Certificate Management | Enroll Screen

Step 2. Click Identity certificate. The Administration | Certificate Management | Enroll | SSL certificate screen displays.

Step 3. Click Enroll via PKCS10 Request (Manual). The Administration | Certificate Management | Enroll | SSL certificate | PKCS10 Screen displays.

Step 4. Enter values in each of the fields on this screen.

Step 5. When you have finished, click Enroll. The Administration | Certificate Management | Enroll | Request Generated screen displays

The Manager displays this screen when the system has successfully generated a certificate request.

Note You must complete the Enrollment and certificate installation process within one week of generating the request. If you do not, the pending request is deleted .As the screen text indicates, within a few seconds, a browser window opens with the certificate request.

Figure 5 Example of a Certificate Request

You have generated a base 64 encoded PKCS#10 file (Public Key Certificate Syntax-10), which most CAs recognize or require. The system automatically saves this file in Flash memory with the filename shown in the browser (pkcsNNNN.txt).

In generating the request, the system also generates the private key used in the PKI process. That key remains on the VPN Concentrator in encrypted form.

Step 6. Save the request in to disk to be pasted into the CSR Request field for when you order the certificate online.

Step 7. Close this browser window when you have finished.

Requesting an SSL certificate from a CA for VPN 3000 Series Concentrator

Next you submit the SSL request. This must be the same CA that issued the CA certificate for this LAN-to-LAN connection. Submit the request and retrieve an SSL certificate according to the procedures of your CA.