Generating a Certificate Signing Request for Use with TN3270 ServerWhat Is a Certificate Signing Request?
A certificate signing request (CSR) is a special file with encoded information necessary to request a digital certificate from a certificate authority (CA).
If you have a secure TN3270 server running Secure Sockets Layer (SSL) security code, you need a server certificate. The server certificate is installed on the router. Without the certificate, clients cannot establish secure sessions to the router.
Cisco does not provide digital certificates. Digital certificates must be obtained from a CA such as Entrust, Verisign, or thawte. CAs normally require you to submit your request for a server certificate as a CSR.
What Is the Private Key File?
Supplied ApplicationsAs mentioned previously, Cisco does not provide digital certificates. A number of open-source Windows- and UNIX-based programs can be used to create the CSR and private key files. You are welcome to use any of these.
Getting a CertificateAfter you have generated the CSR and private key files, you can then make an application to a CA. For example, on Verisignís Web site at www.verisign.com, you are asked to paste your CSR into the Web page. Only use PEM formats when asked to paste a CSR onto a Web page. You do not need the private key during the CSR process. Do not give the private key file to anyone outside of your trusted administrators.
Making the Complete Certificate FileWhen you receive the certificate file back from the CA, copy this file to the same directory where the private key is stored.
The Cisco TN3270 Server takes a single file containing both the certificate and private key. Concatenate these two files together. The concatenated file should be stored on the flash on the Cisco router according to the TN3270 Server SSL installation instructions.
type certificate.pem > certfinal.pem
type certreq-key.pem >> certfinal.pem
This will concatenate both files into the file certfinal.pem, which can then be copied to the flash card on the Cisco router.