Menu

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

EMEA Region

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

  • en
  • pl

    • Cisco FMC – installing certificate for pxGRID

    Home Knowledge Base Design & Configure Cisco FMC – installing certificate for pxGRID

    Design & Configure

    Cisco FMC – installing certificate for pxGRID

    Technology: Network Security
    Area: Next Generation Firewalls
    Vendor: Cisco
    Software: FMC 5.X, 6.X
    Platform: Firepower Management Center VM

    Generating FMC Certificate for pxGrid services

    1. Request

    root@firepower:/Volume/home/admin# openssl req -new -key fmc.key -out fmc.csr

    Enter pass phrase for fmc.key:

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter ‘.’, the field will be left blank.

    —–

    Country Code []:PL

    State or Province Name []:

    Locality Name []:

    Organization Name []:Grandmetric

    Organizational Unit Name []:

    Common Name []:firepower

    Email Address []:

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin#

    root@firepower:/Volume/home/admin# ls

    fmc.csr  fmc.key

    root@firepower:/Volume/home/admin#

     

    2. You can display the key

    root@firepower:/Volume/home/admin# more fmc.key

    —–BEGIN RSA PRIVATE KEY—–

    Proc-Type: 4,ENCRYPTED

    DEK-Info: DES-EDE3-CBC,2D55612F1DD59A3F

    Y3FpNJKTOf4gcHjICY6ln9fzn6WBUA0sUKt4hQv6h2mkrNVCbkGxRUqmm3pfSRKp

    57/uC54mm3yqj/nS2hlm6nmrohpEKo2mqJgVDQq2NbSjYieIU0encUUCSEbdsNd2

    lUvUlaa5INbyGxdJOS3MBkOZDkM0Vvnqf9pO81Dfavgnt8UbRRitfT+PJ5hsEwcs

    JTP5L72kzJS8GY8VVyUFTQDx44GJ5A4cHFXWBKQldpeRsCZWSghVtM93dGTQNCcm

    dV2sDu5wUVBmomvjEhkscxuRpZYkCMHaIcWPslI0LbS8LWd5JauET2c1dnZmcZJN

    +lkYoDDL3Ylk49OR1EWTdhlche8kFJoQhJ25N8xwxKyHAdKAyHe5v/dSb/S4LN1H

    Vblo9rjtQr/McYqh9peoD8pQuqqGLVvLPzci1FPn41ORSAbDt2dhXoIttnakQIcQ

    Mmfoq9aE5zHFJtzYRGnl74YkH4xuCrwMKRuBgy2mAalrxtXFZ4xi4FmddD/MIgSY

    L6BXeV0x7zYP9sJiy33ZhVDn4kQOU3jEILsj00b6g1uCdBRzuOixMElL0qNCrcVZ

    rqWWahPxtmS5PL1YrcQ8qyBXp2z/lSNocY+zmCkSJtvPKGhKFNkCTMZfzxRf2Qa1

    tkFKL1ry3qvBaPFg2bzqiAipZGChiHgw0ORhjA6FPYyUXX6mSJG5Ot3NX7xVOQhU

    GwqHFGvMXX7AFTIqmtgD6yOetkb2JyhOaANtAkMHcfEaZKOTr0XX23BsYPgjQdb3

    FGTQmlVHa1O9Wi8CjsiMozYFTLKjzKyDsuNkPhGEELnj+gwxKIugA72nIakD2sJt

    RkCFDuEF8jxLNCKZi1jfcVn2nHlgJQb0Tpxpp7EjUHOluSBRbOK/ZhGQXynlmzka

    Tw8uHQJD5CtnJ6y3ZglcYFYay87UUFtHZNvt2sBW53xj6UQwjMbKAXpJuWTI+GbB

    m/hGLmwdoOM8paOgTworsEdhcwbYPuBBy1zZtqCB2F9N0QbsRNYaRIV0j2o09Rnj

    8oKFXYVS1/YXXs0WEy13p8fxziNj1ziW9OQ+aAFLd5hhrctjz5af7rc5F6PEB8G9

    Cr79ZyrQcY2OKWbAyLmO2RRomSjjW7xrbL1EWJA6LTC7SXo3xHnT0IJ9gCTYSn80

    lMMqCRBuDtrdQ5HEz0aESuSUhQ7Boa5oPlQfrwJn7rnn4GR9LgVlRg7P5+OLeEqN

    jjO9AlyWAFCaFhfh17YogunUa2/VLSRaICdLXakYY6/GUoMfuG2bn95LVf+uVCFO

    4MAacQzHNP3jWR7hlRb4DJ2UKqjvfh490T3BhedGI07HIXdBGCz88zsW0ZPHUHhj

    O9PqB+o6OTAj4zWMYwR6GPnHL/7HoBd6drjAR0D7hc4mxGbjnRSYxRIOZV3Pq9Ci

    b6c+Vll62+ms2dYbOepi5Gdz5SHRVhWPbfKHl5HBV0VMfT0sjyyqPy21Uw3mt4Ye

    Ykj+TzEiEbohmysQ8wmG6cFa2pC0SURSFyULaMQ7Rtu6TWjfdm0AkqnP/NmgNoUX

    EneBzEvcZtFK1+jc9maOm+FvmUAstsQB1VRfJrDgBQVRhRI3N2zXPaZbF8GIXXFe

    LWAZmNOrRjcywDuUkTOfmCBokHK7CVUnDCrgn7Tuteoa+ROfglCCovwwP8fhLDOI

    XMXKA7V/+Et5+8G7P34m4yGPVDACLpUbgGoAHFbx/JeQ9Fcp8sQL1eg3gZPw+GLU

    fhM8P8lOz2nEEV3oVq6C2u7+V/J1nsKqKe6DSSyUpvR01fD+6b+kEQ1lCrJL0wTp

    kCQtAZbTS57rdIVoNCOoP0W29sReskcv4wW2qm0jYDLXma2h3O5fEmRO5ruWswZJ

    DWARdj0PQj7T1YN9jrrUc3ewXdZzPGQPLZUxCopK2/lXqDhGRvJMUikKHzA+85Ct

    M/fqNWBhqmqNEvRjYqfJP5WOm1hhzv1h+SFHXxshS9AeCbHfhJZ9r3S8/S5637HN

    dmm/7N8NgO/X6TmMT+ORsqJipraEXseL6pjezDH8b1G8a+I2zejCJ/nIVoBta4Uj

    tr+7BhM5ZJcsSB/vRjgoTruztN8MsvtXqy6/Ux+xgRFP2DqFMBBvB5mSY/nQMn/3

    ggDHDSuvR359NISUiOzHeiRG+H5x+ikycZH5F0ANehndFrqmpcbd+aa0iRdyQnL6

    +hpcoDl+3j97uwP6sN/N077lSzNfFalCoiyXgUptJmDEl1eimWDskiVPr+ezJHC7

    /CEZJbdIjSWuruefm6/RlEc/t+sVm1awP9bsNDUsRfkgCycLynSRzkIYWFX9jhdQ

    7ic+kVzD3P9/hoiVCCfOqVGL52OuEZh35UM01FXR5zS1JEuPRHSXDnrNJGvq0W0f

    eK7y2YNtmM/vi3bTg4sP8OXZU4aUZNQk+lpUP2qkMwA0L1SlK6wc1eTLwJXuGxml

    /FkWGfEpzS6Z6O5nwn6bWF/T9HCAvO++LSo/dmx4Jliveft19fFbKsbFElWmJVhp

    yY9Nf6GLkH2OxQ7CkBw0qITXbW9nwcRCLbYw0RY67phdjwMjJZn+CYvOfzvKGLVs

    —–END RSA PRIVATE KEY—–

    3. And the request (CSR) and send for signing

    —–BEGIN CERTIFICATE REQUEST—–

    MIIEfDCCAmQCAQAwNzELMAkGA1UEBhMCUEwxFDASBgNVBAoTC0dyYW5kbWV0cmlj

    MRIwEAYDVQQDEwlmaXJlcG93ZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK

    AoICAQCZy3rNUgtXI+dgu7lFKUco9yyr8zCI4W76plMrjdNDeBSS8yjYoK9kE7It

    d3QiLScP2APkZo6dqT7Le1o+bnsOhX85HxvjvobNVv29RuUCHJw7WRAdL2NHEXFC

    0QFQo7ASlv5rxeDckzXbJSehHzRjb/22INr6kpKzqwAdWbL8rmDP14hEyqvCGtvS

    7kQ11i+I6M+8QRprLvmZEqjO3CkysVC6XXrJIslFpfYLGiHg0ZBa3A+GTW/ugcat

    7eiVBun/XAKJCSUpvLraz4iv18DfudILbRt84JvhSmEuQxN/9nigmo0qqgikQcp3

    VbrDsJOAHb/k2g2Zmcz7T/tlKWBi0RhQ6gpR73Yd1v0PxrMKoebZjz+JnqehKTzw

    UAOHx7Za6ETFouNHYGEP0xCckaDkqbu095paqmolgnSvtG1PTn86D/uu9BpMoT+y

    0/7TO2/zbYCmCVoCckIXW3JH3dYyl5/3rCGWD8UsGZmTzf3UCOQouwoXt9cZJfIr

    xfvA/8uT7lWLa6MUPpznWlTmN5AaNDA688oMM5anSzXGWsm/YxaSPwRLwdG9haw+

    C0Mv3l0JjsPuK0ZopAjfBe04/UL0wKhAJ9dbOhZWxc94vYXH9T1BXWGcqV1NfWDw

    Ya6GAn4Dk+mmngjPrkw4PdANOpXaBC5+8hb5D+fCdoli1Fw//QIDAQABoAAwDQYJ

    KoZIhvcNAQELBQADggIBACfNjn1Nce6wRueScf68ufGOxb7qIPTHfi0P9/e7xl3D

    9fr4KKZQpipUQx6013pqcyhQ2LFc/DBUnqUQ2ZXNpHTE2BD4l3ytlDxZVLpFgFGj

    mrIlYNqeoHxFjNzPbbhvw20Ono2Xis7OISSwC6NI4eTGVTKk/mr7FZUTD7M/qxfi

    /348T0+i+aSHqa5mzzM8k3HJuy73TD4TG9Jip+NFDVl2vIoq1mBbwOiCCyB2PWDm

    Bi+iv1XS8Mecp9N1gqpIH7JBUKRdBqZOKz3mdHbJYtJpPIrStz0PlQNG7jLLlyik

    f+Q2YB0THzKTg/RRzLAXPnTpCpdDdeGzVUatqEvaQ0w9ygtnLDbsgJaQW/WHXEMU

    1BfRhf18CDtLTX0pRr6bfKvg0gqqQBrzt0jH70nveUerM1cS/3dgmTmtgXJe69Fs

    —–END CERTIFICATE REQUEST—–

     

    4. The final part is  importing the signed certificate. Now from FMC GUI (objects -> PKI)

     

     

    Author: Marcin Bialy
     
    Tags
    active standby Adaptive Security Appliance authentication authorization broadcast Cisco Cisco ASA Firepower cisco EIGRP Cisco FMC Cisco FMC - installing certificate for pxGRID cisco ise cisco ise deployment config configuration containers devops docker dockerfile eigrp Enhanced Interior Gateway Routing Protocol firewall high availability How to install FMC Cisco identity services engine ise deployment ise distributed deployment ospf radius routing security context virtual firewall
    Grandmetric