Installing GoDaddy SSL Certificates on a Cisco IOS Router using CLI
I have found that the process of getting a GoDaddy certificate installed on an IOS router has, like many Cisco projects, become a research project. The process is poorly documented, and many of the documented commands are outdated due to changes in IOS. I hope this helps save you some time and energy.
Make sure your router's time is correct before starting. I suggest you set up NTP to keep the router's time correct. If the router's time is not correct, it will affect the certificate's functionality.
- Create a 2048-bit RSA key. GoDaddy now only supports key lengths of 2048 bits or greater for security reasons. On their site they claim that computer performance will be capable of breaking a 1024-bit key by 2012. Will that be the end of the world? 🙂
- Create the trustpoint. A trustpoint is basically a certificate authority that you trust.
- You can get the certificate request by issuing the following commands:
- Paste the certificate request into the GoDaddy page to complete the request. The certificate request must be in the format below. You will need to add the begin and end lines. The begin and end certificate lines must be on separate lines or GoDaddy will give you an error. HINT: turn off word wrap in your text editor to ensure the format is correct.
- Once the certificate is issued, you will receive an email to download your certificates and the intermediates bundle. Save these certificates locally and open them in a text editor like Notepad or, preferably, Notepad++. Select server type “other” for the download.
- The next step is to install the intermediate certificate bundle into the router's trustpoint you created earlier. Run the command below. Copy the INTERMEDIATE certificate you opened in your text editor and paste it into your terminal session when prompted. The certificate will be named gd_intermediate.crt.
- You will now install the actual certificate. Follow the same copy and paste procedure as above. Notice the command is different than the command used to install the GoDaddy intermediate certificate bundle.
- If everything went well, you should now have your certificates successfully installed. You can run the following commands to verify your certificate is properly installed. You should see both the intermediates and the issued certificate. Remember to exit config mode and save your configuration.
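
The steps above as one CLI sequence, given here as an added example and not the author's original command listing. It assumes an IOS release that uses the `crypto pki` syntax (older releases spell the same commands `crypto ca`); EXAMPLE-KEY, EXAMPLE-TP, vpn.example.com and 192.0.2.10 are placeholders.

```cisco
! Added example. All names and addresses below are placeholders.
! Check the clock first; certificate validity dates are compared against it.
show clock
configure terminal
 ntp server 192.0.2.10
 !
 ! Create a 2048-bit RSA key pair with its own label.
 crypto key generate rsa general-keys label EXAMPLE-KEY modulus 2048
 !
 ! Create the trustpoint, using manual (copy and paste) enrollment.
 crypto pki trustpoint EXAMPLE-TP
  enrollment terminal
  fqdn vpn.example.com
  subject-name CN=vpn.example.com
  rsakeypair EXAMPLE-KEY
  exit
 !
 ! Generate the certificate request and display it on the terminal.
 ! Copy the base64 text and wrap it in the standard PKCS#10 lines,
 ! each on its own line, before pasting it into the GoDaddy form:
 !   -----BEGIN CERTIFICATE REQUEST-----
 !   -----END CERTIFICATE REQUEST-----
 crypto pki enroll EXAMPLE-TP
 !
 ! Install the intermediate (CA) certificate from gd_intermediate.crt.
 ! Paste it when prompted, compare the displayed fingerprint with the
 ! downloaded file, and accept only if they match.
 crypto pki authenticate EXAMPLE-TP
 !
 ! Install the issued certificate. Note the different command.
 crypto pki import EXAMPLE-TP certificate
 end
!
! Verify: both the CA certificate and the router certificate should be
! listed, with validity dates that bracket the router's current time.
show crypto pki trustpoints status
show crypto pki certificates
!
! Save the configuration.
copy running-config startup-config
```

The private key never leaves the router in this flow; only the certificate request and the returned certificates are copied through the terminal session.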