XYZ-SSG140-Cluster:Hostname-XYZ-ACT(M)-> get pki x509 dnHostname-XYZ-ACT's X509 Distinguish Name:
CN=0165072008070226CN=domain.example.orgCN=0044 20 1234 5678CN=rsa-keyCN=admin@example.orgCN=RootC =GBO =Example Company Ltd
The fix for this is to enable the raw common name command which tells the Netscreen to only use the domain name for the CN attribute.
set pki x509 raw-cn enable
Now we get the following output from the get pki x509 dn command:
XYZ-SSG140-Cluster:Hostname-XYZ-ACT(M)-> get pki x509 dnNote: *** Raw CN mode enabled ***CN=domain.example.orgC =GBO =Example Company Ltd
So to recap - the full commands to generate the certificate areset pki x509 raw-cn enable
set pki x509 dn country-name "GB"
set pki x509 dn org-name "Example Company Ltd"
set pki x509 dn org-unit-name "Testing"
set pki x509 dn email "admin@example.org"
set pki x509 cert-fqdn domain.example.org
exec pki rsa new-key 1024This will output the CSR, it will look something like this, you need to copy everything including the BEGIN and END REQUEST statements and give that to your CA.
-----BEGIN CERTIFICATE REQUEST-----
MIIB0zjCCATsCAQAwZTENMAsGaA1UEChMESk5QUjEZMB
cGA1UEAxMQMDsA0MzAyMjAwMjAwMDE4NjEQMA4GA1UE
AxMHcnNhLWtleTEYMBYGA1UEAxMPd3d3Lmp1b
-----END CERTIFICATE REQUEST-----