Use this command to gene rate and display a certificate request for HTTPS. This command enters the Crypto Certificate Request mode. The certificate request that is generated using this command is sent to the Certification Authority for signing. The certificate request is generated in Base64-encoded X509 format.
Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate command in Global Configuration mode, to sign the certificate request. Make sure to re-enter the identical values in the certificate request fields as were entered in the self-signed certificate generated by the crypto certificate generate command.
| Format | crypto certificate 1-2 request |
| Mode | Global Config |
Example: The following is an example crypto certificate request.
(Routing)(Config)#crypto certificate 1 request (Routing)(config-crypto-cert-req)#? common-name Specifies the common name. country Specifies the country name. do Run Privileged Exec mode commands. email Specifies the contact email address. exit To exit from the mode. location Specifies the location or city name. organization-name Specifies the organization name organization-unit Specifies the organization internal unit show Display Switch Options and Settings. state Specifies the state or province name. subject-alternative-name Specifies the Subject Alernative Name. (Routing)(config-crypto-cert-req)# exit -----BEGIN CERTIFICATE REQUEST----- MIIBUTCBuwIBAjASMRAwDgYDVQQDDAcwLjAuMC4wMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQC+pfOyHFIjXe/2DDwedT1GkZKX8PP1/4F35KyaounA35kHGw9x +y+lT5hMfOererTbkLdoM8taPOYipv+gJ978DL8tNMBlMJHAcPokAmuv+PDNYaGK sY1Y+L/Ajge7qh3iCO/HR/wPenKab4fChbyKA5x7GFriPs4YWGxbvlX2wQIDAQAB oAAwDQYJKoZIhvcNAQELBQADgYEADXHN2ScDYGnHfTrqjl6+5XDJW66Pxi4r/JPs BVcF+QKrwItwq6AqGwJDHDVYfvc5FGnpW3vYbfovRuSalbNGmS/iUOXmpjYQryQW AwTt2DTNPxiuZZjumfjT/utWmdFPsaibGyjcZU/HyDDFsrC7ukLWrXro6fbjvxWX mnxt7FQ= -----END CERTIFICATE REQUEST----- (Routing)(config)#
The Subject Alternative Name (SAN) is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate. Some browsers will not accept the Common Name field in an SSL certificate and require the SAN field instead.
LCOS SX supports adding the SAN field to the certificate request. The following sample SAN formats are supported.
DNS:example.com DNS:*.example.com DNS:xyz.com,IP:10.10.20.1 DNS.1:myserver.com, DNS.2:xyz.com, IP:10.10.32.1
