Creating a Certificate Signing Request (CSR) and importing signed certificate in Management Center 2.x


Article ID: 171802


Updated On:

Products

Management Center

Issue/Introduction

Management Center 2.0.1.1 introduces the ability to create a certificate signing request (CSR) via the CLI.

Resolution

A CSR can be generated from the Management Center CLI.  The CSR *MUST* use the default keyring.

SSH to Management Center and log in.

Enter enable mode (command: enable), and then enter configure terminal mode (command: configure terminal)
Create the certificate signing request.
You *MUST* use the default keyring to create the certificate signing request.  Be sure you know the CSR subject info.  The common name must be the IP address or FQDN of your Management Center appliance.

Example:
ssl create signing-request default subject C=US,ST=CA,O=Symantec,CN=1.1.1.1

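Steps on CLI (the sample session below creates a separate keyring named sslkey to show the command syntax; for the Management Center certificate, use the default keyring as stated above):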

;======================================================================

login as: admin
admin@1.1.1.1's password:

admin connected from 10.96.36.50 using ssh on 1.1.1.1
1.1.1.1> en
Password:
1.1.1.1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
1.1.1.1(config)# ssl create keyring sslkey algorithm rsa length 3072 showable yes
....
  ok
1.1.1.1(config)# ssl
1.1.1.1(config-ssl)# create signing-request ?
Description: Available keyrings
Possible completions:
  bluecoat-appliance  default  default_ca  sslkey
1.1.1.1(config-ssl)# create signing-request default ?
Possible completions:
  subject   Certificate subject (e.g."C=US,ST=CA,O=Symantec,CN=example")

1.1.1.1(config-ssl)# create signing-request sslkey
Value for 'subject' (): "C=US,ST=TON,O=Symantec,CN=Test"
  ok

;=====================================================================

View the CSR for export.

Now that the CSR has been created, you can view and copy it from the CLI.  

Example:
ssl view signing-request default
You will now see the signing request.  

Installing the certificate.

Since this is going to be the certificate for the Management Center console, it will need to be imported into the default slot.  Use this command from "configure terminal mode" to import the signed certificate:

ssl inline certificate default

You should now be able to paste the certificate into Management Center.

Restart the Management Center services:

system-services restart-management-center
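
Before pasting the signed certificate into the default slot, it helps to confirm on a workstation that the CSR copied from the CLI is intact, that its common name is the appliance IP address or FQDN, and that the certificate returned by the CA carries the same public key. The script below is an added example, not part of the original article or vendor code; it assumes the openssl CLI is installed, and the file names and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): workstation-side checks with the openssl CLI.
# Assumption: the CSR copied from the CLI and the CA's reply are saved as PEM files.

# Print the CN from a CSR; RFC2253 output keeps the format stable across versions.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the CSR self-signature verifies (catches copy/paste damage).
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed only if the signed certificate ($1) carries the CSR's ($2) public key.
cert_matches_csr() {
  cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# usage: check_before_import CSR CERT EXPECTED_CN
check_before_import() {
  csr_signature_ok "$1" || { echo "CSR does not verify" >&2; return 1; }
  [ "$(csr_cn "$1")" = "$3" ] || { echo "CN is not $3" >&2; return 1; }
  cert_matches_csr "$2" "$1" || { echo "certificate key differs from CSR" >&2; return 1; }
  echo "ok to import"
}

# Constructed stand-ins for the appliance CSR and the CA reply (self-signed here).
demo() {
  d=$(mktemp -d)
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/k.pem" -out "$d/mc.csr" \
    -subj "/C=US/ST=CA/O=Symantec/CN=1.1.1.1" 2>/dev/null
  openssl x509 -req -in "$d/mc.csr" -signkey "$d/k.pem" -days 1 \
    -out "$d/mc.crt" 2>/dev/null
  check_before_import "$d/mc.csr" "$d/mc.crt" 1.1.1.1
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with --demo to exercise the checks on constructed data; against real files, call check_before_import with the saved CSR, the signed certificate, and the appliance IP address or FQDN.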