Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
CSR Parameters Configuration Mode Commands
Downloads: This chapterpdf (PDF - 120.0KB) The complete bookPDF (PDF - 28.65MB) | Feedback

CSR Parameters Configuration Mode Commands

Table Of Contents

CSR Parameters Configuration Mode Commands

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state


CSR Parameters Configuration Mode Commands

CSR parameters configuration mode commands allow you to define the distinguished name attributes for a Certificate Signing Request (CSR) parameter set. The ACE applies the CSR parameter set attributes during the CSR-generating process. The distinguished name attributes provide the Certificate Authority (CA) with the information that it needs to authenticate your site. The CA then applies the information that you provide in the CSR parameter set to your Secure Sockets Layer (SSL) certificate. Creating a CSR parameter set allows you to generate multiple CSRs with the same distinguished name attributes.

To create a new CSR parameter set (or modify an existing CSR parameter set) and access the CSR parameters configuration mode, use the crypto csr-params command. The CLI prompt changes to (config-csr-params). Use the no form of this command to remove an existing CSR parameter set.

crypto csr-params csr_param_name

no crypto csr-params csr_param_name

Syntax Description

csr_param_name

Name that designates a CSR parameter set. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The commands in this mode require the SSL feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

When you specify a CSR parameter set, you define the following distinguished name attributes:

Common name—See the (config-csr-params) common-name command. This distinguished name attribute is required.

Country name—See the (config-csr-params) country command. This distinguished name attribute is required.

E-mail address—See the (config-csr-params) email command.

Locality—See the (config-csr-params) locality command.

Organization name (certificate subject)—See the (config-csr-params) organization-name command.

Organization unit—See the (config-csr-params) organization-unit command.

Serial number—See the (config-csr-params) serial-number command. This distinguished name attribute is required.

State—See the (config-csr-params) state command. This distinguished name attribute is required.

If you do not define the required distinguished name attributes, the ACE displays an error message when you attempt top generate a CSR using the CSR parameter set.

You can create up to eight CSR parameter sets per context.

To generate a Certificate Signing Request (CSR) file using the CSR parameter set, use the crypto generate csr command in the Exec mode.

Examples

To create the CSR parameter set CSR_PARAMS_1, enter:

host1/Admin(config)# crypto csr-params CSR_PARAMS_1
host1/Admin(config-csr-params)

Related Commands

crypto generate csr
(config-csr-params) common-name
(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) common-name

To define the common name parameter in the Certificate Signing Request (CSR) parameter set, use the common-name command. Use the no form of this command to delete an existing common name from the CSR parameter set.

common-name name

no common-name

Syntax Description

name

Name that designates the common name in a CSR parameter set. Enter the common name as an unquoted alphanumeric string with no spaces or a quoted string with spaces and a maximum of 64 characters.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The common name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.

The common name should be the domain name or individual hostname of the Secure Sockets Layer (SSL) site.

Examples

To specify the common name WWW.ABC123.COM, enter:

host1/Admin(config-csr-params)# common-name WWW.ABS123.COM

Related Commands

(config) crypto csr-params

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) country

To define the country name parameter in the Certificate Signing Request (CSR) parameter set, use the country command. Use the no form of this command to delete an existing country name from the CSR parameter set.

country name

no country

Syntax Description

name

Name of the country where the Secure Sockets Layer (SSL) site resides. Enter the country name as an alphanumeric string from 1 to 2 characters.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The country name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.

Examples

To specify the country US (United States), enter:

host1/Admin(config-csr-params)# country US

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) email

To define the e-mail address parameter in the Certificate Signing Request (CSR) parameter set, use the email command. Use the no form of this command to delete an existing e-mail address from the CSR parameter set.

email address

no email

Syntax Description

address

Address that designates the site e-mail address in a CSR parameter set. Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric characters.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The e-mail address is an optional distinguished name attribute.

Examples

To specify the e-mail address WEBADMIN@ABC123.COM, enter:

host1/Admin(config-csr-params)# email WEBADMIN@ABC123.COM

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) locality

To define the locality name parameter in the Certificate Signing Request (CSR) parameter set, use the locality command. Use the no form of this command to delete an existing locality from the CSR parameter set.

locality name

no locality

Syntax Description

name

Name that designates the locality (a county, for example) in a CSR parameter set. Enter an unquoted text string with a maximum of 40 alphanumeric characters including spaces and the ampersand (&) character.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.2)

The ampersand (&) character is supported.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The ampersand (&) character is supported.


Usage Guidelines

The locality name is an optional distinguished name attribute.

Examples

To specify the locality ATHENS, enter:

host1/Admin(config-csr-params)# locality ATHENS

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) organization-name

To define the organization name parameter in the Certificate Signing Request (CSR) parameter set, use the organization-name command. Use the no form of this command to delete an existing organization name from the CSR parameter set.

organization-name name

no organization-name

Syntax Description

name

Name that designates the organization in a CSR parameter set. Enter the organization name as an unquoted alphanumeric string with a maximum of 64 characters including spaces. The ACE also supports the ampersand (&) character.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.2)

The ampersand (&) character is supported.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The ampersand (&) character is supported.


Usage Guidelines

The organization name is an optional distinguished name attribute.

Examples

To specify the organization ABC123 SYSTEMS INC, enter:

host1/Admin(config-csr-params)# organization-name ABC123 SYSTEMS INC

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-unit

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) organization-unit

To define the organization unit parameter in the Certificate Signing Request (CSR) parameter set, use the organization-unit command. Use the no form of this command to delete an existing organization unit from the CSR parameter set.

organization-unit unit

no organization-unit

Syntax Description

unit

Name that designates the unit (within an organization) in a CSR configuration file. Enter the organization unit as an unquoted alphanumeric string with a maximum of 64 characters including spaces. The ACE also supports the ampersand (&) character.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.2)

The ampersand (&) character is supported.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The ampersand (&) character is supported.


Usage Guidelines

The organization unit is an optional distinguished name attribute.

Examples

To specify the organization unit SSL ACCELERATOR, enter:

host1/Admin(config-csr-params)# organization-unit SSL ACCELERATOR

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) serial-number

(config-csr-params) state

(config-csr-params) serial-number

To define the serial number parameter in the Certificate Signing Request (CSR) parameter set, use the serial-number command. Use the no form of this command to delete an existing serial number from the CSR parameter set.

serial-number number

no serial-number

Syntax Description

number

Number that designates the serial number in a CSR parameter set. Enter the serial number as an alphanumeric string from 1 to 16 characters.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.2)

The ampersand (&) character is supported.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The ampersand (&) character is supported.


Usage Guidelines

The serial number is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.

The CA may choose to overwrite the serial number that you provide with its own serial number.

Examples

To specify the serial number 1001, enter:

(config-csr-params)# serial-number 1001

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) state

(config-csr-params) state

To define the state name parameter in the Certificate Signing Request (CSR) parameter set, use the state command. Use the no form of this command to delete an existing state name from the CSR parameter set.

state name

no state

Syntax Description

name

Name that designates the state or province in a CSR configuration file. Enter an unquoted text string with a maximum of 40 alphanumeric characters including spaces. and the ampersand (&) character.


Command Modes

CSR parameters configuration mode

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(3.2)

The ampersand (&) character is supported.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

The ampersand (&) character is supported.


Usage Guidelines

The state name is a required distinguished name attribute. If you do not configure this attribute (and all other required attributes), the ACE displays an error message when you try to generate a CSR using the CSR parameter set.

Examples

To specify the state GA (Georgia), enter:

host1/Admin(config-csr-params)# state GA

Related Commands

(config) crypto csr-params

(config-csr-params) common-name

(config-csr-params) country

(config-csr-params) email

(config-csr-params) locality

(config-csr-params) organization-name

(config-csr-params) organization-unit

(config-csr-params) serial-number