{"id":695,"date":"2012-08-01T00:00:00","date_gmt":"2012-08-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/08\/01\/cisco-asa-how-do-i-generate-a-csr\/"},"modified":"2021-07-31T16:45:37","modified_gmt":"2021-07-31T16:45:37","slug":"cisco-asa-how-do-i-generate-a-csr","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/cisco-asa-how-do-i-generate-a-csr.html","title":{"rendered":"Cisco ASA – How do I generate a CSR ?"},"content":{"rendered":"
A Certificate Signing Request (CSR) is a base-64 encoded (PEM based) string which is generated using the user's public key along with a number of attributes provided by the user such as DN, email, address etc. The CSR is then sent to the CA, which uses it to create a public certificate. The public certificate is then signed and sent back to the user. The benefit of using a CSR is that the private key never leaves the client.<\/p>\n
Below, we provide the necessary steps to generate a CSR on a Cisco ASA.<\/p>\n
First of all, we create a key pair (private\/public key). The example uses a 1024-bit modulus; publicly trusted CAs require at least 2048 bits.<\/p>\n
ciscoasa#conf t
\nciscoasa(config)#crypto key generate rsa label fir3net.key modulus 1024<\/p>\n
INFO: The name for the keys will be: fir3net.key
\nKeypair generation process begin. Please wait…<\/p>\n
Next, a trustpoint is created. Within the trustpoint, the previously created key pair is assigned and the certificate's DN is defined.<\/p>\n
ciscoasa(config)#crypto ca trustpoint my.thwart.trustpoint
\nciscoasa(config-ca-trustpoint)#subject-name CN=webvpn.www.fir3net.com,OU=lab,O=cisco.com,C=UK,St=Hants,L=Winchester
\nciscoasa(config-ca-trustpoint)#keypair fir3net.key
\nciscoasa(config-ca-trustpoint)#fqdn webvpn.cisco.com
\nciscoasa(config-ca-trustpoint)#enrollment terminal
\nciscoasa(config-ca-trustpoint)#exit<\/p>\n
Finally, we generate the actual CSR. From this, a base64-encoded PEM string is created. This string is then sent to the CA, which uses it to generate the public certificate.<\/p>\n
ciscoasa(config)#crypto ca enroll my.thwart.trustpoint<\/p>\n
% Start certificate enrollment ..
\n% The subject name in the certificate will be: CN=webvpn.www.fir3net.com,OU=lab,O=cisco.com,C=UK,St=Hants,L=Winchester
\n% The fully-qualified domain name in the certificate will be: ebvpn.www.fir3net.com
\n% Include the device serial number in the subject name? [yes\/no]: no<\/p>\n
Display Certificate Request to terminal? [yes\/no]: yes<\/p>\n
Certificate Request follows:<\/p>\n
—End – This line not part of the certificate request—<\/p>\n
Redisplay enrollment request? [yes\/no]: no
\nciscoasa(config)#<\/p>\n","protected":false},"excerpt":{"rendered":"
A Certificate Signing Request (CSR) is a base-64 encoded (PEM based) string which is generated using the user's public key along with a number of attributes provided by the user such as DN, email, address etc. The CSR is then sent to the CA, which uses it to create a public certificate. The public … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n