By Manny Fernandez
November 1, 2016
Creating a Certificate Signing Request on the ASA
First things first; check the time on your ASA. You can do this with the following command:
show clock
If the time is not set correctly, you can set the time zone and use the ‘clock set’ command to set the correct time.
Now let's get started. We first need to create a public/private key pair:
crypto key generate rsa label monkey.key modulus 2048
Now we create a ‘trustpoint’ that references the key pair from above. We also define the DN.
The DN is made up of attribute-value pairs. These are the common attributes:
CN: Common Name
OU: Organizational Unit
O: Organization
L: Locality
S: State or Province Name
C: Country Name
crypto ca trustpoint access.monkey.trustpoint
subject-name CN=access.monkey.com,OU=access,O=monkey.com,C=US,St=Florida,L=DC
keypair monkey.key
fqdn access.monkey.com
enrollment terminal
exit
Now we will generate the actual CSR (Certificate Signing Request). The request is displayed in Base64-encoded PEM format, and that output needs to be sent to the CA server for signing.
crypto ca enroll access.monkey.trustpoint
% Start certificate enrollment ..
% The subject name in the certificate will be: CN=access.monkey.com,OU=access,O=monkey.com,C=US,St=Florida,L=DC
% The fully-qualified domain name in the certificate will be: access.monkey.com
% Include the device serial number in the subject name? [yes/no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
[Base64-encoded certificate request omitted]
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: no
primate-fw-01(config)#
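The request has to survive the copy out of the terminal before the CA can sign it. As an added example (not from the original post), the Python below pulls the request out of a captured enroll session using the two marker lines shown above, rejects a capture that lost a line in copy/paste, and wraps the result in PEM. The function names and the dummy sample request are constructed for illustration.

```python
import base64
import re

START = "Certificate Request follows:"
END = "---End - This line not part of the certificate request---"
PEM_HEAD = "-----BEGIN CERTIFICATE REQUEST-----"
PEM_TAIL = "-----END CERTIFICATE REQUEST-----"


def csr_der_from_session(session: str) -> bytes:
    """Extract and sanity-check the DER request from a captured enroll session."""
    _, start_seen, rest = session.partition(START)
    body, end_seen, _ = rest.partition(END)
    if not (start_seen and end_seen):
        raise ValueError("start or end marker missing: capture is incomplete")
    # Drop PEM armor if this capture has it, then the line wrapping.
    body = body.replace(PEM_HEAD, "").replace(PEM_TAIL, "")
    der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE: wrong text was copied")
    # The outer DER length must account for every byte; a dropped line breaks it.
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: request is truncated or padded")
    return der


def wrap64(b64: str) -> list[str]:
    return [b64[i:i + 64] for i in range(0, len(b64), 64)]


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor with 64-character lines."""
    return "\n".join([PEM_HEAD, *wrap64(base64.b64encode(der).decode()), PEM_TAIL]) + "\n"


# Constructed sample: a dummy 260-byte DER SEQUENCE, not a real request.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_SESSION = "\n".join([
    "crypto ca enroll access.monkey.trustpoint",
    "% Start certificate enrollment ..",
    "Display Certificate Request to terminal? [yes/no]: yes",
    START, *wrap64(base64.b64encode(SAMPLE_DER).decode()), "", END, "",
    "Redisplay enrollment request? [yes/no]: no",
])

if __name__ == "__main__":
    print(to_pem(csr_der_from_session(SAMPLE_SESSION)), end="")
```

The length check only confirms the outer DER structure is complete; the subject and signature are still for the CA or a tool such as openssl to verify.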
Hope this helps