Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-06-29 09:43:13.0

Creating an Entrust SSL certificate for Cisco SCA

Article Number: 46288

How to create your Private Key:
Please issue the following commands to create your private key:
# config 
# ssl 
# key new_key create 
# genrsa bits 1024 encrypt des output entrust_key

You can specify up to 2048 as the bit length for the key. You must enter a password this key. Do not forget this password.
How to create your CSR:
Please issue the following command to create your CSR:
# gencsr key entrust_key

This command uses entrust_key as the identifier for the key that was just generated. The CSR must correspond to a key that you have created. You will need to specify the following fields in your CSR:
Common name: Enter the domain that is to be secured on the certificate. This is usually a fully qualified domain name (e.g. mydomain.com).
Organization: Enter the legal business name of the organization.
Organizational Unit: Enter the your department name (e.g. IT).
City/Locality: The city in which your company is currently located.
State/Province: The state in which your company is currently located.
Country/Region: Select your country/Region.
How to Install your Certificate:
First, you must install your webserver certificate. Copy your certificate from the browser and paste it into a text editor. Save it as a .crt file.
You can install your certificate by using the following command
# enable
# configure
# cert Entrust_cert create
# pem-paste

Copy your certificate from the browser and paste it into the Cisco prompt. Your certificate has been stored as Entrust_Cert.
You must now install the Entrust Root Certificate. Please verify which root certificate you need. You can obtain the root here:
Simply copy and paste the root certificate into a text editor and save it as a entrustroot.crt
# ssl 
# cert EntrustRoot create 
# pem entrustroot.crt

Next, you will need to install the Entrust Intermediate Certificate (Cross Certificate)
Copy the Cross Certificate from the browser and save it as entrustInt.crt. Use the following command to store this certificate:
# ssl 
# cert EntrustInt create 
# pem entrustInt.crt

# certgroup CACertGroup create 
# cert EntrustInt
# cert EntrustRoot
# end 
You must now create a logical server:
# server server1 create 
# ip address 
# localport 443 
# remoteport 81 
# secpolicy myPol 
# certgroup chain CACertGroup 
# cert new_cert 
# key new_key 
# finished 
# write flash

The certificate is now installed.


Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable