Menu

US Region

Grandmetric LLC
Brookfield Place Office
200 Vesey Street
New York, NY 10281
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

EMEA Region

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

  • en
  • pl

    • Cisco FMC – installing certificate for pxGRID

    Home Knowledge Base Design & Configure Cisco FMC – installing certificate for pxGRID

    Design & Configure

    Cisco FMC – installing certificate for pxGRID

    Technology: Network Security
    Area: Next Generation Firewalls
    Vendor: Cisco
    Software: FMC 5.X, 6.X
    Platform: Firepower Management Center VM

    Generating FMC Certificate for pxGrid services

    1. Request

    root@firepower:/Volume/home/admin# openssl req -new -key fmc.key -out fmc.csr

    Enter pass phrase for fmc.key:

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter ‘.’, the field will be left blank.

    —–

    Country Code []:PL

    State or Province Name []:

    Locality Name []:

    Organization Name []:Grandmetric

    Organizational Unit Name []:

    Common Name []:firepower

    Email Address []:

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin# ls

    fmc.csr  fmc.key

    root@firepower:/Volume/home/admin#

     

    2. You can display the key

    root@firepower:/Volume/home/admin# more fmc.key

    —–BEGIN RSA PRIVATE KEY—–

    Proc-Type: 4,ENCRYPTED

    DEK-Info: DES-EDE3-CBC,2D55612F1DD59A3F

    Y3FpNJKTOf4gcHjICY6ln9fzn6WBUA0sUKt4hQv6h2mkrNVCbkGxRUqmm3pfSRKp

    57/uC54mm3yqj/nS2hlm6nmrohpEKo2mqJgVDQq2NbSjYieIU0encUUCSEbdsNd2

    lUvUlaa5INbyGxdJOS3MBkOZDkM0Vvnqf9pO81Dfavgnt8UbRRitfT+PJ5hsEwcs

    JTP5L72kzJS8GY8VVyUFTQDx44GJ5A4cHFXWBKQldpeRsCZWSghVtM93dGTQNCcm

    dV2sDu5wUVBmomvjEhkscxuRpZYkCMHaIcWPslI0LbS8LWd5JauET2c1dnZmcZJN

    +lkYoDDL3Ylk49OR1EWTdhlche8kFJoQhJ25N8xwxKyHAdKAyHe5v/dSb/S4LN1H

    Vblo9rjtQr/McYqh9peoD8pQuqqGLVvLPzci1FPn41ORSAbDt2dhXoIttnakQIcQ

    Mmfoq9aE5zHFJtzYRGnl74YkH4xuCrwMKRuBgy2mAalrxtXFZ4xi4FmddD/MIgSY

    L6BXeV0x7zYP9sJiy33ZhVDn4kQOU3jEILsj00b6g1uCdBRzuOixMElL0qNCrcVZ

    rqWWahPxtmS5PL1YrcQ8qyBXp2z/lSNocY+zmCkSJtvPKGhKFNkCTMZfzxRf2Qa1

    tkFKL1ry3qvBaPFg2bzqiAipZGChiHgw0ORhjA6FPYyUXX6mSJG5Ot3NX7xVOQhU

    GwqHFGvMXX7AFTIqmtgD6yOetkb2JyhOaANtAkMHcfEaZKOTr0XX23BsYPgjQdb3

    FGTQmlVHa1O9Wi8CjsiMozYFTLKjzKyDsuNkPhGEELnj+gwxKIugA72nIakD2sJt

    RkCFDuEF8jxLNCKZi1jfcVn2nHlgJQb0Tpxpp7EjUHOluSBRbOK/ZhGQXynlmzka

    Tw8uHQJD5CtnJ6y3ZglcYFYay87UUFtHZNvt2sBW53xj6UQwjMbKAXpJuWTI+GbB

    m/hGLmwdoOM8paOgTworsEdhcwbYPuBBy1zZtqCB2F9N0QbsRNYaRIV0j2o09Rnj

    8oKFXYVS1/YXXs0WEy13p8fxziNj1ziW9OQ+aAFLd5hhrctjz5af7rc5F6PEB8G9

    Cr79ZyrQcY2OKWbAyLmO2RRomSjjW7xrbL1EWJA6LTC7SXo3xHnT0IJ9gCTYSn80

    lMMqCRBuDtrdQ5HEz0aESuSUhQ7Boa5oPlQfrwJn7rnn4GR9LgVlRg7P5+OLeEqN

    jjO9AlyWAFCaFhfh17YogunUa2/VLSRaICdLXakYY6/GUoMfuG2bn95LVf+uVCFO

    4MAacQzHNP3jWR7hlRb4DJ2UKqjvfh490T3BhedGI07HIXdBGCz88zsW0ZPHUHhj

    O9PqB+o6OTAj4zWMYwR6GPnHL/7HoBd6drjAR0D7hc4mxGbjnRSYxRIOZV3Pq9Ci

    b6c+Vll62+ms2dYbOepi5Gdz5SHRVhWPbfKHl5HBV0VMfT0sjyyqPy21Uw3mt4Ye

    Ykj+TzEiEbohmysQ8wmG6cFa2pC0SURSFyULaMQ7Rtu6TWjfdm0AkqnP/NmgNoUX

    EneBzEvcZtFK1+jc9maOm+FvmUAstsQB1VRfJrDgBQVRhRI3N2zXPaZbF8GIXXFe

    LWAZmNOrRjcywDuUkTOfmCBokHK7CVUnDCrgn7Tuteoa+ROfglCCovwwP8fhLDOI

    XMXKA7V/+Et5+8G7P34m4yGPVDACLpUbgGoAHFbx/JeQ9Fcp8sQL1eg3gZPw+GLU

    fhM8P8lOz2nEEV3oVq6C2u7+V/J1nsKqKe6DSSyUpvR01fD+6b+kEQ1lCrJL0wTp

    kCQtAZbTS57rdIVoNCOoP0W29sReskcv4wW2qm0jYDLXma2h3O5fEmRO5ruWswZJ

    DWARdj0PQj7T1YN9jrrUc3ewXdZzPGQPLZUxCopK2/lXqDhGRvJMUikKHzA+85Ct

    M/fqNWBhqmqNEvRjYqfJP5WOm1hhzv1h+SFHXxshS9AeCbHfhJZ9r3S8/S5637HN

    dmm/7N8NgO/X6TmMT+ORsqJipraEXseL6pjezDH8b1G8a+I2zejCJ/nIVoBta4Uj

    tr+7BhM5ZJcsSB/vRjgoTruztN8MsvtXqy6/Ux+xgRFP2DqFMBBvB5mSY/nQMn/3

    ggDHDSuvR359NISUiOzHeiRG+H5x+ikycZH5F0ANehndFrqmpcbd+aa0iRdyQnL6

    +hpcoDl+3j97uwP6sN/N077lSzNfFalCoiyXgUptJmDEl1eimWDskiVPr+ezJHC7

    /CEZJbdIjSWuruefm6/RlEc/t+sVm1awP9bsNDUsRfkgCycLynSRzkIYWFX9jhdQ

    7ic+kVzD3P9/hoiVCCfOqVGL52OuEZh35UM01FXR5zS1JEuPRHSXDnrNJGvq0W0f

    eK7y2YNtmM/vi3bTg4sP8OXZU4aUZNQk+lpUP2qkMwA0L1SlK6wc1eTLwJXuGxml

    /FkWGfEpzS6Z6O5nwn6bWF/T9HCAvO++LSo/dmx4Jliveft19fFbKsbFElWmJVhp

    yY9Nf6GLkH2OxQ7CkBw0qITXbW9nwcRCLbYw0RY67phdjwMjJZn+CYvOfzvKGLVs

    —–END RSA PRIVATE KEY—–

    3. And the request (CSR) and send for signing

    —–BEGIN CERTIFICATE REQUEST—–

    MIIEfDCCAmQCAQAwNzELMAkGA1UEBhMCUEwxFDASBgNVBAoTC0dyYW5kbWV0cmlj

    MRIwEAYDVQQDEwlmaXJlcG93ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK

    AoICAQCZy3rNUgtXI+dgu7lFKUco9yyr8zCI4W76plMrjdNDeBSS8yjYoK9kE7It

    d3QiLScP2APkZo6dqT7Le1o+bnsOhX85HxvjvobNVv29RuUCHJw7WRAdL2NHEXFC

    0QFQo7ASlv5rxeDckzXbJSehHzRjb/22INr6kpKzqwAdWbL8rmDP14hEyqvCGtvS

    7kQ11i+I6M+8QRprLvmZEqjO3CkysVC6XXrJIslFpfYLGiHg0ZBa3A+GTW/ugcat

    7eiVBun/XAKJCSUpvLraz4iv18DfudILbRt84JvhSmEuQxN/9nigmo0qqgikQcp3

    VbrDsJOAHb/k2g2Zmcz7T/tlKWBi0RhQ6gpR73Yd1v0PxrMKoebZjz+JnqehKTzw

    UAOHx7Za6ETFouNHYGEP0xCckaDkqbu095paqmolgnSvtG1PTn86D/uu9BpMoT+y

    0/7TO2/zbYCmCVoCckIXW3JH3dYyl5/3rCGWD8UsGZmTzf3UCOQouwoXt9cZJfIr

    xfvA/8uT7lWLa6MUPpznWlTmN5AaNDA688oMM5anSzXGWsm/YxaSPwRLwdG9haw+

    C0Mv3l0JjsPuK0ZopAjfBe04/UL0wKhAJ9dbOhZWxc94vYXH9T1BXWGcqV1NfWDw

    Ya6GAn4Dk+mmngjPrkw4PdANOpXaBC5+8hb5D+fCdoli1Fw//QIDAQABoAAwDQYJ

    KoZIhvcNAQELBQADggIBACfNjn1Nce6wRueScf68ufGOxb7qIPTHfi0P9/e7xl3D

    9fr4KKZQpipUQx6013pqcyhQ2LFc/DBUnqUQ2ZXNpHTE2BD4l3ytlDxZVLpFgFGj

    mrIlYNqeoHxFjNzPbbhvw20Ono2Xis7OISSwC6NI4eTGVTKk/mr7FZUTD7M/qxfi

    /348T0+i+aSHqa5mzzM8k3HJuy73TD4TG9Jip+NFDVl2vIoq1mBbwOiCCyB2PWDm

    Bi+iv1XS8Mecp9N1gqpIH7JBUKRdBqZOKz3mdHbJYtJpPIrStz0PlQNG7jLLlyik

    f+Q2YB0THzKTg/RRzLAXPnTpCpdDdeGzVUatqEvaQ0w9ygtnLDbsgJaQW/WHXEMU

    1BfRhf18CDtLTX0pRr6bfKvg0gqqQBrzt0jH70nveUerM1cS/3dgmTmtgXJe69Fs

    —–END CERTIFICATE REQUEST—–

     

    4. The final part is  importing the signed certificate. Now from FMC GUI (objects -> PKI)

     

     

    Author: Marcin Bialy
     
    Tags
    active standby Adaptive Security Appliance broadcast Cisco Cisco ASA Firepower cisco EIGRP Cisco FMC Cisco FMC - installing certificate for pxGRID cisco ise cisco ise deployment config configuration containers devops docker dockerfile eigrp Enhanced Interior Gateway Routing Protocol
    Grandmetric