It's not a requirement to generate a CSR from the CAM itself. You can do this from any Unix/Linux/MacOS machine using OpenSSL:
Create a host.key file (private key) using openssl or download it from the CAM. Then, from within the same directory as the host.key, create the CSR as follows, answering the questions as relevant to your CAM:

openssl req -new -nodes -key host.key -out host.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Rochester
Organization Name (eg, company) [Internet Widgits Pty Ltd]:University of Rochester
Organizational Unit Name (eg, section) []:NCS/Telecommunications Division
Common Name (eg, YOUR name) []:netauth2.urmc-sh.rochester.edu
Email Address []:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Medical Center ISD

I typically don't enter a challenge password.

Save the host.key and CSR to a safe place, and submit the host.csr CSR file to your CA for signing. Once you receive your signed CA, import it and your host.key (private key) back into the CAM. No downtime is necessary.

NOTE: We use DigiCert as our CA, and they're an intermediate CA to Entrust. So, it's necessary to append the Entrust root CA to the signed CA before importing into the CAM (this is called a chain of trust). It's just text, so copy and paste the root CA into the signed CA. If you are using one of the major CAs, this step isn't necessary.

NOTE2: Use the same host.key for all certs you register in case you need to reference it again in the future (after a CAM failure, for example) -- this is way easier to remember than trying to juggle and match different host keys.

NOTE3: Don't request a wildcard cert -- they don't work with CCA AFAIK.

--
Dave Stempien, Network Security Engineer
University of Rochester Medical Center
Information Systems Division
(585) 784-2427

>> Hi all
>>
>> Ok, my cert problem is continuing. What it looks like is that I need
>> to generate a new temporary cert to request the new cert. Does anyone
>> know that, if I do that, it will break the current cert I have
>> running? I'm betting it will but I have to ask.
>>
>> - Sean
>>
>> ----
>>
>> Sean Hennessey
>>
>> Networking and Information Security Systems Administrator
>>
>> The University of Portland
>>
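
Added example, not part of the original thread: the workflow described in the reply above (key, CSR, signed certificate, appended CA certificate) run non-interactively, with the checks worth making before import: the CSR and the signed certificate carry the public key of host.key, and the certificate verifies against the CA. The throwaway CA, the subject values and every file name other than host.key and host.csr are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example: pre-import checks for the CSR workflow above.
# The throwaway CA, subject values and file names other than host.key/host.csr
# are constructed stand-ins, not values from the thread.
set -eu

# SHA-256 of the public key inside a private key (pkey), CSR (req) or cert (x509).
pubkey_hash() {
  local pem
  pem=$(case "$1" in
          (pkey) openssl pkey -in "$2" -pubout ;;
          (req)  openssl req  -in "$2" -noout -pubkey ;;
          (x509) openssl x509 -in "$2" -noout -pubkey ;;
        esac 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1   # unknown type or unreadable file
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if both files carry the same public key.
same_pubkey() {   # usage: same_pubkey TYPE1 FILE1 TYPE2 FILE2
  local a b
  a=$(pubkey_hash "$1" "$2") && b=$(pubkey_hash "$3" "$4") && [ "$a" = "$b" ]
}

demo() {
  cd "$1"
  # 1. Private key and CSR (the thread's command, with -subj replacing the prompts).
  openssl genrsa -out host.key 2048 2>/dev/null
  chmod 600 host.key
  openssl req -new -nodes -key host.key -out host.csr \
    -subj "/C=US/ST=New York/O=Example University/CN=cam.example.edu"
  # 2. Constructed throwaway CA standing in for the real CA that signs the CSR.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -days 1 -subj "/CN=Constructed Test Root CA" 2>/dev/null
  openssl x509 -req -in host.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out host.crt -days 1 2>/dev/null
  # 3. Append the CA certificate to the signed certificate (plain PEM text).
  cat host.crt ca.crt > host-chain.crt
  # 4. Checks before import: CSR and cert carry our key, and the cert verifies.
  same_pubkey pkey host.key req host.csr
  same_pubkey pkey host.key x509 host.crt
  openssl verify -CAfile ca.crt host.crt
}

work=$(mktemp -d)
( demo "$work" )
echo "ready to import: $work/host.key + $work/host-chain.crt"
```

same_pubkey also answers the question behind NOTE2: given a stored key and an installed certificate, it tells you whether they belong together.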
