Ask a Question

Advanced Search

Alert ID : INFO1993

Last Modified : 05/03/2018

Certificate Signing Request (CSR) Generation Instructions for Cisco ACS 3.2


This document was created to assist with the generation of a Certificate Signing Request (CSR) for Cisco ACS 3.2. If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports Cisco ACS.

NOTE: As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key size.  Please ensure that the server can support these standards before requesting a certificate.

Generate a private key and Certificate Signing Request (CSR):
  1. In the navigation bar, click System Configuration.
  2. Click ACS Certificate Setup.
  3. Click Generate Certificate Signing Request.
  4. Cisco Secure ACS displays the Generate new request table on the Generate Certificate Signing Request page.  In the Certificate Subject box, enter the information below.

    Country Name (C): Use the two-letter ISO code without punctuation for country, for example: US
    State or Province (S): Enter the state or province where the organization is headquartered.  Do not abbreviate, for example: California
    Locality or City (L): The Locality field is the city or town name where the organization is headquartered, for example: Mountain View
    Organization (O): Enter the organization name as it is registered.  Avoid special characters.  For example:  Symantec Corporation
    Organizational Unit (OU): This field is the name of the department or business unit making the request.  For example, Technical Support
    Common Name (CN): The Common Name is the host + domain. For example, or * for a wildcard.

    Enter values for each of the fields separated by a comma.  For example:, O=Symantec Corporation, OU=Technical Support, C=US, S=California, L=Mountain View
  5. In the Private key file field, type the full directory path and name of the file in which the private key is saved, for example, C:\privateKeyFile.pem
  6. In the Private key password field, type the private key password that you have would like to use. RapidSSL does not have access to this password and cannot recover it.
  7. In the Retype private key password field, retype the private key password.
  8. In the Key Length list, choose at least 2048 bits.
  9. From the Digest To Sign With list, select SHA-256.  If SHA-256 is not available, a SHA-1 CSR is acceptable.  The SSL certificate will be issued as SHA-256.
  10. Click Submit.
  11. Cisco Secure ACS displays the CSR on the right under a banner that reads: Now your certificate signing request is ready.  Copy the full text of the CSR and paste it into a plain-text editor (Notepad or Vi are recommended).  The files can be saved with a .TXT file extension.
  12. Continue to the certificate enrollment. When enrolling for the SSL Certificate you will be asked to choose a server vendor, choose Apache - HTTP Server. This will allow a certificate that is compatible with the Cisco ACS.
  13. Copy and paste the CSR into the enrollment form, open the file in a plain-text editor (Notepad or Vi are recommended).
Contact Information
During the verification process, RapidSSL may need to contact your organization.  Be sure to provide an email address, phone number, and fax number that will be checked and responded to quickly. This information is not part of the certificate.
Once the SSL certificate has been issued, refer to this link for installation instructions.