Certificate Signing Request (CSR) Generation Instructions - Cisco ACS 4.2

Solution ID:    SO22402    Updated:    10/04/2016


This document was created to assist with the generation of a Certificate Signing Request (CSR) for Cisco ACS 4.2. If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports Cisco ACS.

NOTE: As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key size.  Please ensure that the server can support these standards before requesting a certificate.

To generate a Certificate Signing Request (CSR), please perform the following steps:

  1. In the navigation bar, click System Configuration
  2. Click ACS Certificate Setup > Generate Certificate Signing Request.
  3. Cisco Secure ACS displays the Generate Certificate Signing Request page.  In the Certificate Subject box, type the values for the required fields. Separate each field and value with a comma. For example:

    CN=www.bbtest.net, O=Symantec Corporation, OU=Technical Support, C=US, S=California, L=Mountain View

    Country Name (C): Use the two-letter ISO code without punctuation for the country, for example: US
    State or Province (S): Enter the state or province where the organization is headquartered.  Do not abbreviate, for example: California
    Locality or City (L): The Locality field is the city or town name, for example: Mountain View
    Organization (O): Enter the organization name as it is registered.  Avoid special characters.  For example:  Symantec Corporation
    Organizational Unit (OU): This field is the name of the department or business unit making the request.  For example, Technical Support
    Common Name (CN): The Common Name is the host + domain. For example, www.bbtest.net or *.bbtest.net for a wildcard.
  4. In the Private Key File box, type the full directory path and name of the file in which the private key is saved. For example: C:\privatekeyfile.pem
  5. In the private key password box, create a private key password for your private key.  RapidSSL can not recover lost private key passwords.
  6. In the Retype Private Key Password box, retype the private key password.
  7. From the Key Length list, select the 2048 bit length of the key to be used.             
  8. From the Digest to Sign With List, select the digest (or hash algorithm). Use SHA-256.  If SHA-256 is not available, SHA-1 is acceptable for the CSR.  The SSL certificate will be issued as SHA-256.
  9. Click Submit.
  10. Cisco Secure ACS displays a CSR on the right side of the browser.  Copy and paste the full CSR text into a plain text editor (such as Notepad or Vi) and save the file with a .TXT extension. 
  11. During certificate enrollment, you will be asked to select a server platform. Choose Apache - HTTP Server.  When prompted for the CSR, use a pain text editor to open the CSR file.  Submit the full text of the CSR including the header and footer lines.

Once the SSL certificate has been issued, refer to this link for installation instructions.


For additional information and steps on Cisco ACS products, please check the Cisco website



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers

Search Tips