Generating Certificate Requests
You must generate a request to obtain identity certificates from the associated trust point CA for each of your switch's RSA key-pairs. You must then cut and paste the displayed request into an e-mail message or in a website form for the CA.
To generate a request for signed certificates from the CA using Fabric Manager, follow these steps:
- Expand Switches > Security and then select PKI in the Physical Attributes pane.
- Click the Trust Point Actions tab in the Information pane .
- Select the certreq option from the Command drop-down menu. This generates a pkcs#10 certificate signing request (CSR) needed for an identity certificate from the CA corresponding to this trust point entry. This entry requires an associated key-pair. The CA certificate or certificate chain should already be configured through the caauth action.
- Enter the output file name for storing the generated certificate request. It will be used to store the CSR generated in PEM format. Use the format bootflash:filename. This CSR should be submitted to the CA to get the identity certificate. Once the identity certificate is obtained, it should be installed in this trust point.
- Enter the challenge password to be included in the CSR.
Note The challenge password is not saved with the configuration. This password is required in the event that your certificate needs to be revoked, so you must remember this password.
- Click Apply Changes to save the changes.
Copyright © 2002-2007, Cisco Systems, Inc. All rights reserved.