Cisco Unified Operating System supports certificates that a third-party Certificate Authority (CA) issues with a PKCS #10 Certificate Signing Request (CSR).

To use an application certificate that a third-party CA issues, you must obtain both the signed application certificate and the CA root certificate from the CA. Get information about obtaining these certificates from your CA. The process varies

Presence Service Certificate Signing Requests (CSRs) include extensions that you must include in your request for an application certificate from the CA. If your CA does not support the ExtensionRequest mechanism, you must enable the X.509 extensions that are listed in the generated CSR file. For information on how to view the extensions in the generated CSR file, see View Certificates.

verified third-party certificates that were obtained from Microsoft, Keon, and Verisign CAs. Certificates from other CAs might work but have not been

Operating System generates certificates in DER and PEM encoding formats and generates CSRs in PEM encoding format. It accepts certificates in PEM and DER encoding formats.

Public Certificate Authorities (CAs) typically require Certificate Signing Requests (CSRs) to conform to specific formats. For example, a public CA might only accept CSRs that:

- Are Base64-encoded
- Do not contain certain characters, such as @&!, in the Organization, OU, or other fields
- Use specific bit lengths in the server's public key

Likewise, if you submit CSRs from multiple nodes, public CAs might require that the information is consistent in all CSRs.

To prevent issues with your CSRs, you should review the format requirements from the public CA to which you plan to submit the CSRs. You should then ensure that the information you enter when configuring your server conforms to the format that the public CA requires.
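
The checks listed above can be run against the downloaded CSR files with the OpenSSL command-line tool before anything is sent to the CA. This is an added example, not Cisco code: the function names and the list of allowed key sizes are assumptions, and the forbidden characters are only the ones this page gives as an example, so replace both with your CA's published rules.

```bash
# Pre-submission CSR checks. Added example: thresholds are assumptions, use your CA's rules.
FORBIDDEN_CHARS='@&!'          # characters the page gives as an example
ALLOWED_BITS='2048 3072 4096'  # assumed key sizes; replace with your CA's list

# Subject as one "field = value" line per attribute.
csr_subject() { openssl req -in "$1" -noout -subject -nameopt multiline | sed '1d'; }

# Public key size in bits, taken from the "Public-Key: (N bit)" line.
csr_bits() { openssl req -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'; }

# Print one line per problem; return 0 only when the CSR passes every check.
check_csr() {
  local f="$1" rc=0 bits
  if ! grep -q -- '-----BEGIN .*CERTIFICATE REQUEST-----' "$f" ||
     ! openssl req -in "$f" -inform PEM -noout 2>/dev/null; then
    echo "$f: not a parseable Base64 (PEM) CSR"; return 1
  fi
  if csr_subject "$f" | sed 's/^[^=]*= //' | grep -q "[$FORBIDDEN_CHARS]"; then
    echo "$f: subject contains one of: $FORBIDDEN_CHARS"; rc=1
  fi
  bits=$(csr_bits "$f")
  case " $ALLOWED_BITS " in
    *" $bits "*) ;;
    *) echo "$f: key size ${bits:-unknown} not in: $ALLOWED_BITS"; rc=1 ;;
  esac
  return $rc
}

# Compare every subject field except commonName across the nodes' CSRs.
check_consistency() {
  local ref cur f
  ref=$(csr_subject "$1" | sed '/commonName/d')
  for f in "$@"; do
    cur=$(csr_subject "$f" | sed '/commonName/d')
    [ "$cur" = "$ref" ] || { echo "$f: subject differs from $1"; return 1; }
  done
}

# Constructed sample input: a throwaway key and CSR for the given subject.
make_sample_csr() {  # usage: make_sample_csr OUTFILE SUBJECT
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" -subj "$2" 2>/dev/null
}
```

Run `check_csr` on each node's CSR, then `check_consistency` with all of the files as arguments; any line printed names the file and the rule it fails.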