Ask a Question

Advanced Search

Solution ID : SO19408

Last Modified : 05/31/2019

Certificate Signing Request (CSR) Generation Instructions - Cisco ACS 4.2


This document provides instructions for generating a Certificate Signing Request (CSR) for Cisco ACS 4.2. If you are unable to use these instructions for your server, DigiCert recommends that you contact Cisco.
Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a Certificate Signing Request (CSR), please perform the following steps:

  1. In the navigation bar, click System Configuration

  2. Click ACS Certificate Setup. Then click Generate Certificate Signing Request

  3. Cisco Secure ACS displays the Generate Certificate Signing Request page.

  4. In the Certificate Subject box, type the values for the certificate fields required by Symantec   

    Note: The format is: Field=Value, Field=value, where field is the field name such as CN, and value is the applicable value for that field

    You can type a maximum of 256 characters in the Certificate Subject box. Separate values with commas.

    For example:, O=Organization Name Inc., OU=Department, C=US, S=State, L=Locality

    The following information defines the valid fields that you can include in the "Certificate Subject" box: 

    • CN= Common Name (name that you want to secure for your certificate)
    • OU= Organizational Unit Name (department or unit using the certificate. Example: IT department, sales)
    • O= Organization Name (The fully qualified name of your company)
    • L= Locality Name (This is the city your business is in)
    • S= State/Province Name (The state/Province must be spelled out in full. No abbreviations)
    • C= Country Name (Two letter country code)
    • E= Email address (This is not needed for our system to generate a certificate, and will be ignored)
  5. In the Private Key File box, type the full directory path and name of the file in which the private key is saved. 
    For example: c:\privatekeyfile.pem

  6. In the private key password box, create a private key password for your private key.  
    Note: Make sure to save your private key password. You will need to use this password again. If you loose your password,
    you will not have access to your private key and the certificate will not install when received.

  7. In the Retype Private Key Password box, retype the private key password.

  8. From the Key Length list, select the length of the key to be used.
    Note: All certificates that will expire after October 2013 must have a 2048-bit key size. 

  9. From the Digest to Sign With List, select the digest (or hash algorithm) as SHA-2

  10. Click Submit. Cisco Secure ACS displays a CSR on the right side of the browser.

  11. To copy and paste the information into the enrollment form, open the file in a text editor such as Notepad that does not add extra characters

  12. Verify your CSR

  13. During certificate enrollment, you will be asked to select a server platform. Choose Apache.

Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO16153


         For additional information refer to Cisco Support