Chapter 3
Configuring SSL Certificates and Keys
Preparing a Global Site Certificate
OL-5655-01
key on the CSS. Enter the password as a quoted string with a maximum of 35
characters. The password appears in the CSS running configuration as a
DES-encoded string.
For example, to interactively generate the mycertfile2 certificate, enter:
CSS11503(config)# ssl gencert certkey myrsakey signkey myrsasignkey
myrsacertfile "passwd123"
You are about to be asked to enter information
that will be incorporated into your certificate
request. What you are about to enter is what is
called a Distinguished Name or a DN.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]US
State or Province (full name) [SomeState]New York
Locality Name (city) [SomeCity]Albany
Organization Name (company name) [Acme Inc]Cisco Systems, Inc.
Organizational Unit Name (section) [Web Administration]Web Admin
Common Name (your domain name) [www.acme.com]www.cisco.com
Email address [webadmin@acme.com]webadm@cisco.com
CSS11503(config)#
You must also associate the contents of this temporary certificate to a filename, as
discussed in the
"Associating Certificate and Private Key Files with Names"
section of this chapter.
Export browsers may use 40-bit encryption to initiate connections to SSL servers.
With a conventional server certificate, a browser and server complete the SSL
handshake and use a 40-bit key to encrypt application data.
A global site certificate is an extended server certificate that allows 128-bit
encryption for export-restricted browsers. When the server responds to a browser
with a global certificate, the client automatically renegotiates the connection to
use 128-bit encryption.
If you applied for a global site certificate from the CA, you must obtain both the
global certificate and its intermediate CA certificate. The intermediate CA
certificate validates the global certificate. You can obtain a VeriSign Intermediate
certificate from the following link:
http://www.verisign.com/support/install/intermediate.html
Cisco Content Services Switch SSL Configuration Guide
Preparing a Global Site Certificate
3-11