Cisco Content Services Switch (CSS) 11500

Generate a private key

Generating a private key can be done with one command:

ssl genrsa myrsakey.pem 2048 "yourpassword"

The myrsakey.pem is the filename of the private key that you will create. The 2048 means that the private key will be a 2048-bit private key (which is recommended). Please replace yourpassword with a strong password. Do not lose your password - you will no longer be able to use the private key if it is lost.

Associate the RSA key pair file

Before generating the CSR, you will need to associate the private key that was just generated with a private key pair name:

ssl associate rsakey myrsakey1 myrsakey.pem

The myrsakey.pem is the filename of the private key that you just created. In this case, the myrsakey.pem is the private key pair name.

Protect your new private key for a digital certificate

  1. Never give this file to anyone outside your company. Also restrict the access to it to the smallest possible group of employees.
  2. When you get your certificate, you must install this private key in a secure folder that has limited access to a root user and is protected with read-only permission.
  3. Backup your private key. There is no way to recover it if it is lost. Protect that backup with additional security such as an encrypted or password-protected backup. Your private key is integral to the digital certificate process.
  4. If you suspect that your private key is compromised, alert Trustwave® immediately. Trustwave® will revoke your certificate so that you can generate a new private key and CSR. You can then submit the new CSR for Trustwave® to reissue your certificate.

Generate the CSR

Now you can generate the CSR and store it in the key pair:

ssl gencsr myrsakey1

Certificate Information Guidelines

Location - Enter the location where your business operates, not where your server is located. If you are an international customer in a country without a State/Province or City/Locality, leave those fields blank.

  • Country Name - Enter the two letter International Organization for Standardization (ISO) abbreviation of the country where your organization is legally located.
  • State/Province - Spell out the entire name of your state or province. For example, if your business operates in Texas, enter "Texas" and not "TX".
  • City/Locality - Spell out the entire name of your city or locality.

Organization - Enter the full, unabbreviated legal name of your business. Include any applicable suffix, such as "Inc" or "LLC". If your company name is registered in an abbreviated form, then you may use that abbreviation if you want.

Organizational Unit - This field will not be included in your certificate, so you can leave it blank.

Common Name - Enter the web address of your site. It must be a fully qualified domain name. Both and are acceptable. Do not include http:// or https://. When ordering a wildcard Server Certificate, you will use *

Email Address - Enter the address of the person responsible for digital certificates in your organization. This field is optional.

The Cisco CSS will display a CSR in the display area in text form. You can copy and paste the CSR directly from the Cisco CSS, or copy and paste it into a text editor, such as notepad.

Submit the CSR to Trustwave®

Now navigate to the location of your saved CSR and open it with a suitable text editor such as Notepad, TextEdit, or vi. Copy the entire text - including the top and bottom dashed lines. You can paste this text directly into the Trustwave® Control Center - Submit your CSR to proceed to validation.

Certificate Analyzer

Once you have completed your certificate installation you can use our instant online troubleshooter to verify your installation and help resolve problems.
Certificate Analyzer→

Go Green