Technology: Network Security
Area: Next Generation Firewalls
Vendor: Cisco
Software: FMC 5.X, 6.X
Platform: Firepower Management Center VM
1. Request
root@firepower:/Volume/home/admin# openssl req -new -key fmc.key -out fmc.csr
Enter pass phrase for fmc.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Code []:PL
State or Province Name []:
Locality Name []:
Organization Name []:Grandmetric
Organizational Unit Name []:
Common Name []:firepower
Email Address []:
root@firepower:/Volume/home/admin#
root@firepower:/Volume/home/admin#
root@firepower:/Volume/home/admin#
root@firepower:/Volume/home/admin# ls
fmc.csr fmc.key
root@firepower:/Volume/home/admin#
2. You can display the key
root@firepower:/Volume/home/admin# more fmc.key
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2D55612F1DD59A3F
Y3FpNJKTOf4gcHjICY6ln9fzn6WBUA0sUKt4hQv6h2mkrNVCbkGxRUqmm3pfSRKp
57/uC54mm3yqj/nS2hlm6nmrohpEKo2mqJgVDQq2NbSjYieIU0encUUCSEbdsNd2
lUvUlaa5INbyGxdJOS3MBkOZDkM0Vvnqf9pO81Dfavgnt8UbRRitfT+PJ5hsEwcs
JTP5L72kzJS8GY8VVyUFTQDx44GJ5A4cHFXWBKQldpeRsCZWSghVtM93dGTQNCcm
dV2sDu5wUVBmomvjEhkscxuRpZYkCMHaIcWPslI0LbS8LWd5JauET2c1dnZmcZJN
+lkYoDDL3Ylk49OR1EWTdhlche8kFJoQhJ25N8xwxKyHAdKAyHe5v/dSb/S4LN1H
Vblo9rjtQr/McYqh9peoD8pQuqqGLVvLPzci1FPn41ORSAbDt2dhXoIttnakQIcQ
Mmfoq9aE5zHFJtzYRGnl74YkH4xuCrwMKRuBgy2mAalrxtXFZ4xi4FmddD/MIgSY
L6BXeV0x7zYP9sJiy33ZhVDn4kQOU3jEILsj00b6g1uCdBRzuOixMElL0qNCrcVZ
rqWWahPxtmS5PL1YrcQ8qyBXp2z/lSNocY+zmCkSJtvPKGhKFNkCTMZfzxRf2Qa1
tkFKL1ry3qvBaPFg2bzqiAipZGChiHgw0ORhjA6FPYyUXX6mSJG5Ot3NX7xVOQhU
GwqHFGvMXX7AFTIqmtgD6yOetkb2JyhOaANtAkMHcfEaZKOTr0XX23BsYPgjQdb3
FGTQmlVHa1O9Wi8CjsiMozYFTLKjzKyDsuNkPhGEELnj+gwxKIugA72nIakD2sJt
RkCFDuEF8jxLNCKZi1jfcVn2nHlgJQb0Tpxpp7EjUHOluSBRbOK/ZhGQXynlmzka
Tw8uHQJD5CtnJ6y3ZglcYFYay87UUFtHZNvt2sBW53xj6UQwjMbKAXpJuWTI+GbB
m/hGLmwdoOM8paOgTworsEdhcwbYPuBBy1zZtqCB2F9N0QbsRNYaRIV0j2o09Rnj
8oKFXYVS1/YXXs0WEy13p8fxziNj1ziW9OQ+aAFLd5hhrctjz5af7rc5F6PEB8G9
Cr79ZyrQcY2OKWbAyLmO2RRomSjjW7xrbL1EWJA6LTC7SXo3xHnT0IJ9gCTYSn80
lMMqCRBuDtrdQ5HEz0aESuSUhQ7Boa5oPlQfrwJn7rnn4GR9LgVlRg7P5+OLeEqN
jjO9AlyWAFCaFhfh17YogunUa2/VLSRaICdLXakYY6/GUoMfuG2bn95LVf+uVCFO
4MAacQzHNP3jWR7hlRb4DJ2UKqjvfh490T3BhedGI07HIXdBGCz88zsW0ZPHUHhj
O9PqB+o6OTAj4zWMYwR6GPnHL/7HoBd6drjAR0D7hc4mxGbjnRSYxRIOZV3Pq9Ci
b6c+Vll62+ms2dYbOepi5Gdz5SHRVhWPbfKHl5HBV0VMfT0sjyyqPy21Uw3mt4Ye
Ykj+TzEiEbohmysQ8wmG6cFa2pC0SURSFyULaMQ7Rtu6TWjfdm0AkqnP/NmgNoUX
EneBzEvcZtFK1+jc9maOm+FvmUAstsQB1VRfJrDgBQVRhRI3N2zXPaZbF8GIXXFe
LWAZmNOrRjcywDuUkTOfmCBokHK7CVUnDCrgn7Tuteoa+ROfglCCovwwP8fhLDOI
XMXKA7V/+Et5+8G7P34m4yGPVDACLpUbgGoAHFbx/JeQ9Fcp8sQL1eg3gZPw+GLU
fhM8P8lOz2nEEV3oVq6C2u7+V/J1nsKqKe6DSSyUpvR01fD+6b+kEQ1lCrJL0wTp
kCQtAZbTS57rdIVoNCOoP0W29sReskcv4wW2qm0jYDLXma2h3O5fEmRO5ruWswZJ
DWARdj0PQj7T1YN9jrrUc3ewXdZzPGQPLZUxCopK2/lXqDhGRvJMUikKHzA+85Ct
M/fqNWBhqmqNEvRjYqfJP5WOm1hhzv1h+SFHXxshS9AeCbHfhJZ9r3S8/S5637HN
dmm/7N8NgO/X6TmMT+ORsqJipraEXseL6pjezDH8b1G8a+I2zejCJ/nIVoBta4Uj
tr+7BhM5ZJcsSB/vRjgoTruztN8MsvtXqy6/Ux+xgRFP2DqFMBBvB5mSY/nQMn/3
ggDHDSuvR359NISUiOzHeiRG+H5x+ikycZH5F0ANehndFrqmpcbd+aa0iRdyQnL6
+hpcoDl+3j97uwP6sN/N077lSzNfFalCoiyXgUptJmDEl1eimWDskiVPr+ezJHC7
/CEZJbdIjSWuruefm6/RlEc/t+sVm1awP9bsNDUsRfkgCycLynSRzkIYWFX9jhdQ
7ic+kVzD3P9/hoiVCCfOqVGL52OuEZh35UM01FXR5zS1JEuPRHSXDnrNJGvq0W0f
eK7y2YNtmM/vi3bTg4sP8OXZU4aUZNQk+lpUP2qkMwA0L1SlK6wc1eTLwJXuGxml
/FkWGfEpzS6Z6O5nwn6bWF/T9HCAvO++LSo/dmx4Jliveft19fFbKsbFElWmJVhp
yY9Nf6GLkH2OxQ7CkBw0qITXbW9nwcRCLbYw0RY67phdjwMjJZn+CYvOfzvKGLVs
—–END RSA PRIVATE KEY—–
3. And the request (CSR) and send for signing
—–BEGIN CERTIFICATE REQUEST—–
MIIEfDCCAmQCAQAwNzELMAkGA1UEBhMCUEwxFDASBgNVBAoTC0dyYW5kbWV0cmlj
MRIwEAYDVQQDEwlmaXJlcG93ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCZy3rNUgtXI+dgu7lFKUco9yyr8zCI4W76plMrjdNDeBSS8yjYoK9kE7It
d3QiLScP2APkZo6dqT7Le1o+bnsOhX85HxvjvobNVv29RuUCHJw7WRAdL2NHEXFC
0QFQo7ASlv5rxeDckzXbJSehHzRjb/22INr6kpKzqwAdWbL8rmDP14hEyqvCGtvS
7kQ11i+I6M+8QRprLvmZEqjO3CkysVC6XXrJIslFpfYLGiHg0ZBa3A+GTW/ugcat
7eiVBun/XAKJCSUpvLraz4iv18DfudILbRt84JvhSmEuQxN/9nigmo0qqgikQcp3
VbrDsJOAHb/k2g2Zmcz7T/tlKWBi0RhQ6gpR73Yd1v0PxrMKoebZjz+JnqehKTzw
UAOHx7Za6ETFouNHYGEP0xCckaDkqbu095paqmolgnSvtG1PTn86D/uu9BpMoT+y
0/7TO2/zbYCmCVoCckIXW3JH3dYyl5/3rCGWD8UsGZmTzf3UCOQouwoXt9cZJfIr
xfvA/8uT7lWLa6MUPpznWlTmN5AaNDA688oMM5anSzXGWsm/YxaSPwRLwdG9haw+
C0Mv3l0JjsPuK0ZopAjfBe04/UL0wKhAJ9dbOhZWxc94vYXH9T1BXWGcqV1NfWDw
Ya6GAn4Dk+mmngjPrkw4PdANOpXaBC5+8hb5D+fCdoli1Fw//QIDAQABoAAwDQYJ
KoZIhvcNAQELBQADggIBACfNjn1Nce6wRueScf68ufGOxb7qIPTHfi0P9/e7xl3D
9fr4KKZQpipUQx6013pqcyhQ2LFc/DBUnqUQ2ZXNpHTE2BD4l3ytlDxZVLpFgFGj
mrIlYNqeoHxFjNzPbbhvw20Ono2Xis7OISSwC6NI4eTGVTKk/mr7FZUTD7M/qxfi
/348T0+i+aSHqa5mzzM8k3HJuy73TD4TG9Jip+NFDVl2vIoq1mBbwOiCCyB2PWDm
Bi+iv1XS8Mecp9N1gqpIH7JBUKRdBqZOKz3mdHbJYtJpPIrStz0PlQNG7jLLlyik
f+Q2YB0THzKTg/RRzLAXPnTpCpdDdeGzVUatqEvaQ0w9ygtnLDbsgJaQW/WHXEMU
1BfRhf18CDtLTX0pRr6bfKvg0gqqQBrzt0jH70nveUerM1cS/3dgmTmtgXJe69Fs
—–END CERTIFICATE REQUEST—–
4. The final part is importing the signed certificate. Now from FMC GUI (objects -> PKI)