1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RVL200 certificate signing request (CSR)

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by packwoodit.com, Aug 3, 2008.

  1. packwoodit.com

    packwoodit.com Addicted to LI Member

    Hi, How do I generate a CSR on the RVL200 so I can obtain a certificate from a widely recognised CA e.g. instantSSL, ssl247 or godaddy? I want to do this so that customers don't get the "problem with certificate" message. Hope someone can help me.
  2. Toxic

    Toxic Administrator Staff Member

  3. packwoodit.com

    packwoodit.com Addicted to LI Member

    Thanks for your reply, but...

    I am looking to obtain a certificate from a CA that is already trusted by most popular browsers. I will then import it onto my RVL200. To do this, the RVL200 needs to generate a CSR.
    My understanding of the openssl solution means you have to import a certificate to every browser before they visit my RVL200 in order for the visitor to get the golden padlock.

    An observation....You can generate a CSR from most web servers and the Netgear SSL hardware boxes (e.g. SSL312) and I would be surprised if Linksys have ommitted this functionality from the RVL200 ?
  4. Toxic

    Toxic Administrator Staff Member

    The RVL200 is not an SSL312. Hardware is similar but then again the SSL312 is not a 4 port router with an IPSEC VPN Tunnel.

    I had mentioned this to the dev team before, but I dont think this will be a feature set of the RVL200.

    i'll pass your request on but please do not hold your breathe:)
  5. xlr8

    xlr8 LI Guru Member

    You can put a certificate from a widely recognized CA on your RVL200 - I have one on mine. You do have to use OpenSSL to generate a Private Key and CSR. Send the CSR to the CA, they'll send you back the Certificate, then you have to concatenate the Private Key and Certificate and load it onto your RVL.

    Details here: http://www.linksysinfo.org/forums/showthread.php?p=325074
  6. packwoodit.com

    packwoodit.com Addicted to LI Member

    Please could you post the OpenSSL commands that will generate a private key and CSR and (when I get a certificate back from the CA) what are the OpenSSL commands to concatenate the Private Key and Certificate so that I have got a file in the right format for loading onto my RVL200? Thanks.
  7. xlr8

    xlr8 LI Guru Member

    Generate a private key (saved as file "key.pem"):
    openssl genrsa -out key.pem 1024

    Generate a CSR (saved as file "request.pem"):
    openssl req -new -key key.pem -out request.pem

    When creating the CSR, you be prompted for information... for "Common Name" be sure to put the domain name you use to access your RVL200. For most CA's, you will be required to verify that you are the owner of that domain.

    Submit the request.pem (or the contents of it) to the place you're purchasing the certificate from.

    Open SSL isn't required to concatenate the private key and the certificate. You just need notepad....

    When the certificate comes back from the CA, open a new document in notepad. Cut and paste the contents of key.pem and the certificate from the CA into that file in this format:

    paste contents of key.pem here
    -----END RSA PRIVATE KEY-----
    paste contents of certificate here
    -----END CERTIFICATE-----

    Save that file in notepad and upload it to the RVL. Then you should be good to go.

    I would suggest trying the procedure by getting a free trial certificate from rapidssl.com. It won't cost you anything and you'll understand how the process works. Once you do that, you can purchase a certificate from whereever. Be forewarned, the RVL does not accept chained certificates (you can't load an intermediate certificate on the device), so whoever you buy your final certificate from, be sure it's not a chained certificate. FYI, GoDaddy uses chained certificates, so avoid them on the RVL. RapidSSL issues certificates directly (not chained). You can find cheap RapidSSL resellers - one example (which I used) is namecheap.com.

Share This Page