11-26
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
11






Configuring

SSL
Configuring
SSL

CSR

Parameters
Generating
CSRs
You
can

generate

an

SSL

certificate

signing

request

(CSR),

which

is

a

message

that

you

send

to

a
certificate
authority

such

as

VeriSign

and

Thawte

to

apply

for

a

digital

identity

certificate.

Create

a

CSR
when
you

need

to

apply

for

a

certificate

from

a

certificate

authority.

When

the

certificate

authority
approves
a

request,

it

signs

the

CSR

and

returns

the

authorized

digital

certificate

to

you.

This

certificate
includes
the

private

key

of

the

certificate

authority.

When

you

receive

the

authorized

certificate

and

key
pair,
you

can

import

them

for

use

(see

the

“Importing

SSL

Certificates”

section

on

page

11-7

and

the
“Importing
SSL

Key

Pairs”

section

on

page

11-11 ).
Note
You
cannot

generate

a

CSR

in

Building

Blocks

(Config
>
Gl

obal
>
All

Building

Blocks);

SSL

CSR
generation
is

available

only

in

virtual

context

configuration.
Assumption
You
have

configured

SSL

CSR

parameters

(see

the

“Configuring

SSL

CSR

Parameters”

section

on
page
11-24 ).
Procedure
Step
1
Choose
Config
>

Devices

>

context

>

SSL

>

Keys.
The
Keys

t

able

appears.
Step
2
In
the

Keys

table,

choose

a

key

and

click
Generate
CSR.
The
Generate

a

Certificate

Signing

Request

dialog

box

appears.
Step
3
In
the

CSR

Parameter

field
of
the

Generate
a
Certificate
Signing
Request

dialog

box,

choose

the

CSR
parameter
to

be

used.
Step
4
Do
one

of

the

following:


Click
OK
to

generate

the

CSR.

The

CSR

appears

in

a

popup

window

which

you

can

now

submit

to
a
certificate

authority

for

approval.

Work

with

your

certificate

authority

to

determine

the

method

of
submission,
such

as

email

or

a

Web-based

application.

Click

Close

to

close

the

popup

window

and
to
return

to

the

Keys

table.


Click
Cancel
to

exit

this

procedure

without

generating

the

CSR

and

to
return
to
the
Keys
table.
Related
Topics


Configuring
SSL,

page
11-1


Importing
SSL

Certificates,

page
11-7


Importing
SSL

Key

Pairs,

page
11-11


Configuring
SSL

Parameter

Maps,
page
11-18


Configuring
SSL

Chain

Group

Parameters,

page
11-23


Configuring
SSL

Proxy

Service,

page
11-27