On Tue, 2013-07-23 at 11:10 +0200, Manu Chao wrote: > I need openssl assistance since Cisco ISE cannot generate a CSR in > X.509 format. > > I get both .pem and .pvk files from Cisco ISE export.
OpenSSL 1.0.1e seems to support PVK files; the 1.0.0e version from Fedora 17 does not. To convert you PVK file to something that can be used by "openssl req": openssl rsa -in keyfile.pvk -inform pvk -out private-key.pem After this you can use the regular OpenSSL commands: openssl req -new -key private-key.pem -out request.csr If you need anything special like subjectAltName or extensions in your certificate you need to supply a custom configuration file. Take a look at "man 5 config" for details on the configuration file syntax. This might be worth a read: http://www.openssl.org/docs/HOWTO/certificates.txt -- Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
