[cmxadmin@cmx-andressi]$ cmxctl config certs createcsr Keytype is RSA, so generating RSA key with length 4096 Generating RSA private key, 4096 bit long modulus ............ ... e is 65537 (0x10001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:MX State or Province Name (full name) [Some-State]:Tlaxcala Locality Name (eg, city) :Tlaxcala Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cisco Organizational Unit Name (eg, section) :TAC Common Name (e.g. server FQDN or YOUR name) :cmx-andressi Email Address :email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password :Cisco123 An optional company name :Cisco The CSR is stored in : /opt/cmx/srv/certs/cmxservercsr.pem The Private key is stored in: /opt/cmx/srv/certs/cmxserverkey.pem
[cmxadmin@cmx-andressi]# cmxctl config certs importservercert key-cert.pem Importing Server certificate..... Successfully transferred the file Enter Export Password: password Verifying - Enter Export Password: password Enter Import Password: password Private key present in the file: /home/cmxadmin/key-cert.pem Enter Import Password: password
No CRL URI found. Skipping CRL download. Validation of server certificate is successful Import Server Certificate successful Restart CMX services for the changes to take effect. Server certificate imported successfully.
To apply these certificate changes, CMX Services will be restarted now. Please press Enter to continue.
CRL successfully downloaded from http://<URL>.crl This is new CRL. Adding to the CRL collection. ERROR:Check for subjectAltName(SAN) failed for Server Certificate ERROR: Validation is unsuccessful (err code = 3) ERROR: Import Server Certificate unsuccessful