This document was created to assist with the generation of a Certificate Signing Request (CSR) for Cisco ACS 4.2. If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports Cisco ACS.
NOTE: As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key size. Please ensure that the server can support these standards before requesting a certificate.
To generate a Certificate Signing Request (CSR), please perform the following steps:
- In the navigation bar, click System Configuration
- Click ACS Certificate Setup > Generate Certificate Signing Request.
- Cisco Secure ACS displays the Generate Certificate Signing Request page. In the Certificate Subject box, type the values for the required fields. Separate each field and value with a comma. For example:
CN=www.bbtest.net, O=Symantec Corporation, OU=Technical Support, C=US, S=California, L=Mountain View
Country Name (C): Use the two-letter ISO code without punctuation for the country, for example: US
State or Province (S): Enter the state or province where the organization is headquartered. Do not abbreviate, for example: California
Locality or City (L): The Locality field is the city or town name, for example: Mountain View
Organization (O): Enter the organization name as it is registered. Avoid special characters. For example: Symantec Corporation
Organizational Unit (OU): This field is the name of the department or business unit making the request. For example, Technical Support
Common Name (CN): The Common Name is the host + domain. For example, www.bbtest.net or *.bbtest.net for a wildcard.
- In the Private Key File box, type the full directory path and name of the file in which the private key is saved. For example: C:\privatekeyfile.pem
- In the private key password box, create a private key password for your private key. RapidSSL can not recover lost private key passwords.
- In the Retype Private Key Password box, retype the private key password.
- From the Key Length list, select the 2048 bit length of the key to be used.
- From the Digest to Sign With List, select the digest (or hash algorithm). Use SHA-256. If SHA-256 is not available, SHA-1 is acceptable for the CSR. The SSL certificate will be issued as SHA-256.
- Click Submit.
- Cisco Secure ACS displays a CSR on the right side of the browser. Copy and paste the full CSR text into a plain text editor (such as Notepad or Vi) and save the file with a .TXT extension.
- During certificate enrollment, you will be asked to select a server platform. Choose Apache - HTTP Server. When prompted for the CSR, use a pain text editor to open the CSR file. Submit the full text of the CSR including the header and footer lines.
Once the SSL certificate has been issued, refer to this link for installation instructions.
For additional information and steps on Cisco ACS products, please check the Cisco website