Specifications

9-5
VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring
78-13274-01
Chapter 9 Certificate Management
Administration | Certificate Management | Enrollment
Subject Alternative Name (FQDN)
Enter the fully qualified domain name for this VPN Concentrator that identifies it in this PKI, for
example: vpn3030.cisco.com. This field is optional. The alternative name is an additional data field in
the certificate, and it provides interoperability with many Cisco IOS and PIX systems in LAN-to-LAN
connections.
Key Size
Click the Key Size drop-down menu button and choose the algorithm for generating the public-key /
private-key pair, and the key size. If you are requesting an SSL certificate, you must select an RSA
choice.
RSA 512 bits = Generate 512-bit keys using the RSA (Rivest, Shamir, Adelman) algorithm. This
key size provides sufficient security and is the default selection. It is the most common, and requires
the least processing.
RSA 768 bits = Generate 768-bit keys using the RSA algorithm. This key size provides normal
security. It requires approximately 2 to 4 times more processing than the 512-bit key.
RSA 1024 bits = Generate 1024-bit keys using the RSA algorithm. This key size provides high
security, and it requires approximately 4 to 8 times more processing than the 512-bit key.
DSA 512 bits = Generate 512-bit keys using DSA (Digital Signature Algorithm).
DSA 768 bits = Generate 768-bit keys using the DSA algorithm.
DSA 1024 bits = Generate 1024-bit keys using the DSA algorithm.
OK / Cancel
To generate the certificate request, click OK. The Manager displays the Administration | Certificate
Management | Enrollment | Request Generated screen, and then opens a browser window showing the
certificate request.
To discard your entries and cancel the request, click Cancel. The Manager returns to the Administration
| Certificate Management screen.