Generate CSR on Cisco ACE

To generate the CSR required for a SSL certificate, follow the instructions below:

Logon to Primary ACE

conf t
no crypto  csr-params www.domain.com
crypto csr-params www.domain.com
country GB
state London
organization-name Organisation Ltd
common-name www.domain.com
serial-number 1001
email user@domain.com

crypto generate key 2048 2012-www.domain.com.key
crypto generate csr www.domain.com 2012-www.domain.com.key

Ensure the CSR is output to screen and the copy and paste to notepad.

Export the keyfile to a TFTP server

crypto export 2012-www.domain.com.key tftp 10.0.0.10 2012-www.domain.com.key
wr mem

Logon to the Secondary ACE

crypto import tftp 10.0.0.10 2012-www.domain.com.key 2012-www.domain.com.key
wr mem

To roll this change back (only if required)

Logon to the PrimaryACE

conf t
no crypto csr-params www.domain.com
crypto delete 2012-www.domain.com.key
wr mem

Logon to the Secondary ACE

crypto delete 2012-www.domain.com.key
wr mem