Obtain a Signed Audit Log Client Certificate for the CDO
Important | The Audit Log Certificate page is not available on a standby Cisco Defense Orchestrator in a high availability setup. You cannot perform this task from a standby Cisco Defense Orchestrator. |
The system generates certificate request keys in Base-64 encoded PEM format.
Before you begin
Keep the following in mind:
-
To ensure security, use a globally recognized and trusted Certificate Authority (CA) to sign your certificate.
-
If you will require mutual authentication between the appliance and the audit log server, the same Certificate Authority must sign both the client certificate and the server certificate.
Procedure
| Step 1 | Choose System ( | ||
| Step 2 | Click Audit Log Certificate. | ||
| Step 3 | Click Generate New CSR. | ||
| Step 4 | Enter a country code in the Country Name (two-letter code) field. | ||
| Step 5 | Enter a state or province postal abbreviation in the State or Province field. | ||
| Step 6 | Enter a Locality or City. | ||
| Step 7 | Enter an Organization name. | ||
| Step 8 | Enter an Organizational Unit (Department) name. | ||
| Step 9 | Enter the fully qualified domain name of the server for which you want to request a certificate in the Common Name field.
| ||
| Step 10 | Click Generate. | ||
| Step 11 | Open a new blank file with a text editor. | ||
| Step 12 | Copy the entire block of text in the certificate request,
including the
| ||
| Step 13 | Save the file as
| ||
| Step 14 | Click Close. |
)What to do next
-
Submit the certificate signing request to the certificate authority that you selected using the guidelines in the "Before You Begin" section of this procedure.
-
When you receive the signed certificate, import it to the appliance; see Import an Audit Log Client Certificate into the CDO.