This document provides instructions for generating a Certificate Signing Request (CSR) for Cisco ACS 4.2. If you are unable to use these instructions for your server, Symantec recommends that you contact Cisco.
Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a Certificate Signing Request (CSR), please perform the following steps:
In the navigation bar, click System Configuration.
Click ACS Certificate Setup. Then click Generate Certificate Signing Request.
Cisco Secure ACS displays the Generate Certificate Signing Request page.
In the Certificate Subject box, type the values for the certificate fields required by Symantec.
Note: The format is Field=Value, Field=Value, where Field is the field name, such as CN, and Value is the applicable value for that field.
You can type a maximum of 256 characters in the Certificate Subject box. Separate values with commas.
For example: CN=www.domain.com, O=Organization Name Inc., OU=Department, C=US, S=State, L=Locality
The following information defines the valid fields that you can include in the "Certificate Subject" box:
In the Private Key File box, type the full directory path and name of the file in which the private key is saved.
For example: c:\privatekeyfile.pem
In the Private Key Password box, create a password for your private key.
Note: Make sure to save your private key password. You will need to use this password again. If you lose your password, you will not have access to your private key and the certificate will not install when received.
In the Retype Private Key Password box, retype the private key password.
From the Key Length list, select the length of the key to be used.
Note: All certificates that will expire after October 2013 must have a 2048-bit key size.
From the Digest to Sign With list, select SHA-2 as the digest (hash algorithm).
Click Submit. Cisco Secure ACS displays a CSR on the right side of the browser.
To copy and paste the information into the enrollment form, open the file in a text editor that does not add extra characters, such as Notepad.
During certificate enrollment, you will be asked to select a server platform. Choose Apache.
Once the SSL certificate has been issued, follow the steps from this link to install it on the server: SO16153
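The Certificate Subject rules above (Field=Value entries separated by commas, 256 characters at most) can be checked before the string is pasted into ACS. The following Python is an added example, not Cisco or Symantec code; the function name check_subject is hypothetical, and the accepted field names are assumed to be only those used in the sample subject on this page.

```python
# Added example (not Cisco or Symantec code): pre-check a Certificate Subject.

MAX_SUBJECT_LEN = 256  # limit stated on this page

# Assumption: only the field names used in this page's sample subject.
KNOWN_FIELDS = {"CN", "O", "OU", "C", "S", "L"}


def check_subject(subject):
    """Return (fields, problems) for a 'Field=Value, Field=Value' string."""
    fields = {}
    problems = []
    if len(subject) > MAX_SUBJECT_LEN:
        problems.append("subject is %d characters; the box accepts %d"
                        % (len(subject), MAX_SUBJECT_LEN))
    for part in subject.split(","):
        part = part.strip()
        if not part:
            problems.append("empty entry (stray comma)")
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip().upper(), value.strip()
        if not sep:
            # Usually a comma inside a value, e.g. "O=Example, Inc."
            problems.append("entry %r is not Field=Value" % part)
        elif name not in KNOWN_FIELDS:
            problems.append("unrecognised field %r" % name)
        elif not value:
            problems.append("field %s has no value" % name)
        elif name in fields:
            problems.append("field %s appears more than once" % name)
        else:
            fields[name] = value
    if "CN" not in fields:
        problems.append("CN is missing")
    country = fields.get("C")
    if country is not None and not (len(country) == 2 and country.isalpha()):
        problems.append("C should be a two-letter country code")
    return fields, problems


if __name__ == "__main__":
    # Constructed samples: the page's own example, then a comma inside O.
    for sample in (
        "CN=www.domain.com, O=Organization Name Inc., OU=Department, "
        "C=US, S=State, L=Locality",
        "CN=www.domain.com, O=Organization Name, Inc., C=USA",
    ):
        print(sample, "->", check_subject(sample)[1] or "OK")
```

A comma inside a value is the usual cause of a rejected or truncated subject, because the box treats every comma as a field separator.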