Why do I receive an Invalid CSR error trying to submit a CSR generated by Cisco ACS? — Technote Article

SSL Certificates

Securing Your Online Business

Entrust Certificate Services Support Knowledge Base

Audience: Administrator
Last Modified: 2007-02-21 13:59:02.0

TN 7063 - Why do I receive an Invalid CSR error trying to submit a CSR generated by Cisco ACS?

Problem: You are generating a CSR (certificate signing request) with Cisco ACS through your ASDM 5.2 ASA interface, submit your CSR and receive the message that there was a problem creating your certificate or invalid CSR (PKCS10)

Solution: When generating the CSR, (from trustpoint) please add in the distinguished name sequence to appear in order as follows:

CN, O, C

CN is the common name value

O is the Organization name value

C is the Country code value (2 letter ISO)

Do not use Subject Alternative Name fields.

This will create a valid PKCS10.

Affected Products:

Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
Entrust Certificate Services 1 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
Entrust Certificate Services 2 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable
Entrust Certificate Services 2 Year SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable

SSL Certificates

Extended Validation (EV)

Advantage SSL

Standard SSL

Unified Communications

Code Signing Certificates

Adobe CDS

Support

Entrust.com
1-866-267-9297
entrust@entrust.com