Ask a Question

Advanced Search

Solution ID : SO22571

Last Modified : 05/31/2019

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Cisco ISE


This document provides instructions for generating a Certificate Signing Request (CSR) for Cisco ISE. If unable to use these instructions for your server, DigiCert recommends to contact Cisco.
To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a Certificate Signing Request, perform following steps:

  1. Click Administration > System > Certificates.
  2. From the Certificate Operations navigation pane on the left, click Local Certificates.
    NOTE: To generate a CSR from a secondary node, choose Administration > System > Server Certificate.
    The Local Certificate page appears.
  3. Click Add > Generate Certificate Signing Request.

    The Generate Certificate Signing Request page appears as shown below:

  4. Enter the certificate subject and the required key length. The certificate subject is a distinguished name (DN) identifying the entity associated with the certificate. Following information is required:
    • Common Name: The fully-qualified domain name to which your certificate will be issued.
    • Organization: The full legal name of your company.
    • Organizational Unit: Use this field to differentiate between divisions within an organization.
    • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
    • State or Province: Enter the full name of your state or province. 
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
  5. Click Submit to generate a CSR.
  6. A CSR and its private key are generated and stored in Cisco ISE. You can view this CSR in the Certificate Signing Requests page. You can export the CSR and send it to Symantec to obtain a certificate.
  7. Verify your CSR
  8. Proceed with Enrollment.

Once the SSL certificate has been issued, follow the steps from this link to install it on the server.


         For more information refer to Cisco Support