Specifications
Creating Keys and Certificates
RoamAbout Mobility System Software Configuration Guide 16-9
Creating a CSR and Installing a Certificate from a PKCS #7 Object File
Aftercreatingapublic‐privatekeypair,youcanobtainasignedcertificateofauthenticityfroma
CAbygeneratingaCertificateSigningRequest(CSR)fromtheRoamAboutswitch.ACSRisatext
blockwithanencodedrequestforasignedcertificatefromtheCA.
1. Togeneratearequestfor
aCA‐signedcertificate,usethefollowingcommand:
crypto generate request {admin | eap | web}
Whenprompted,entervaluesforeachofsixidentificationfields.
Youmustincludeacommonname(string)whenyougenerateaCSR.Useafullyqualified
nameifsuchnamesaresupportedonyournetwork.Theotherinformationisoptional.For
example:
RBT-8100# crypto generate request admin
Country Name: US
State Name: MI
Locality Name: Detroit
Organizational Name: example
Organizational Unit: eng
Common Name: RBT-8100 - 12
Email Address: admin@example.com
Unstructured Name: south tower, wiring closet 125
Whencompletedsuccessfully,thecommandreturnsaPrivacy‐EnhancedMail(PEM)‐
formattedPKCS #10CSR.PEMencodingisawayofrepresentinganon‐ASCIIfileformatin
ASCIIcharacters.TheencodedobjectisthePKCS #10CSR. GivetheCSRtoaCAandreceivea
signedcertificate(aPEM‐encodedPKCS #7
objectfile).
2. ToinstallacertificatefromaPKCS #7file,use thefollowingcommandtopreparetheswitchto
receiveit:
crypto certificate {admin | eap | web} PEM-formatted certificate
3. UseatexteditortoopenthePKCS #7file,andcopyandpastetheentiretextblock,including
thebeginningandendingdelimiters,intotheCLI.
Note: Many certificate authorities have their own unique requirements. Follow the instructions in the
documentation for your CA to properly format the fields you complete when generating a CSR.
Note: You must paste the entire block, from the beginning -----BEGIN CERTIFICATE REQUEST-----
to the end -----END CERTIFICATE -----.