1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using a custom cert with RVL200?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by openhelix, May 4, 2008.

  1. openhelix

    openhelix Addicted to LI Member

    Hey guys,

    Is there a way to use a custom certificate with the RVL200? All my systems already trust my domain root cert so creating a cert off that would stop the issue of having to import the Linksys cert on every system.

    Thanks!
     
  2. Toxic

    Toxic Administrator Staff Member

  3. openhelix

    openhelix Addicted to LI Member

    That would get me *a* cert but I'd still have to then redeploy the root cert for my new OpenSSL CA. Is there anyway to do this from an existing windows CA?
     
  4. xlr8

    xlr8 LI Guru Member

    You should be able to create a certificate signed by your Windows CA and (assuming you can get it in the proper format) you should be able to import it into the RVL200 without issue. It's been a while since I generated a self-signed certificate on a windows box, so I don't have those exact instructions, nor do I remember what format it spits out in. However, OpenSSL can take your certificate and convert it into the proper format, so it might still be of use, even if you're not going to use it to generate and/or sign the certificate.

    For the RVL to accept the certificate, it needs to be X509 format in a PEM file. You need to upload the private key and the signed certificate in a single file, with the private key first and the certificate second.

    For example:
    -----BEGIN RSA PRIVATE KEY-----
    (base64 encoded private key would be here)
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (base64 encoded certificate would be here)
    -----END CERTIFICATE-----

    Note that the RVL will only accept a single certificate, so chained or intermediate certificates can't be uploaded to the device and work properly. (So, avoid godaddy's cheap chained certificates, since they require an intermediate certificate to be loaded in order for the certificate to be traced back to a trusted CA.)

    If you're looking to buy a certificate signed by a root CA that will be trusted on almost all browsers, I had very good luck with www.rapidssl.com - you can get a free trial certificate to try it out and make sure it works before you pay... plus, you can find a reseller and get a certificate for significantly cheaper than buying from RapidSSL directly. I bought mine from www.namecheap.com for $12.88/year.

    Good luck!
     

Share This Page