Cisco Cisco Prime Optical 10.6 Installation Guide
15
chkconfig iptables off
or
service iptables stop
ISO Image or OVA Package Verification
Before installing Cisco Prime Optical, you need to verify the ISO image or OVA package.
Download the product installation file (OVA or ISO), its signature, and the certificate file to a separate Unix/Linux system and
perform the following steps:
perform the following steps:
Step 1
If you do not have openssl installed, download and install it (see
).
Step 2
Place the following files in a temporary directory:
•
The product file to be verified (*.iso or *.ova).
•
The signature file (*.signature) that is packaged with the product file.
•
The certificate files (*.pem).
Step 3
Move to the temporary directory and execute the following command:
openssl dgst -sha512 -verify
cert-file -signature sig-file product-file
Where:
cert-file is the Cisco Prime Optical certificate file
sig-file is the Cisco Prime Optical signature file
product-file is the Cisco Prime Optical ISO file or OVA image to be verified
Step 4
If the result is Verified OK:
•
For a product ISO file, proceed with the installation (you do not have to perform any more steps as part of this
validation procedure).
validation procedure).
•
For an OVA package, proceed to
Step 5
(OVA package only) Verify the publisher and certificate chain using the VMware vSphere client.
a.
Verify that Cisco Systems is the publisher.
–
In the vSphere client, choose File > Deploy OVF Template.
–
Browse to the OVA installation file (*.ova) and select it, then click Next.
–
Check whether the Publisher field in the OVF Template Details window displays Cisco Systems, Inc with a green check
mark next to it.
mark next to it.
Note
Do not validate the image using the information in the Vendor field as this field does not authenticate Cisco Systems
as the publisher.
as the publisher.
Note
Do not proceed if the Publisher field displays No certificate present. This indicate that the image is not signed or
the file is not from Cisco Systems or it has been tampered with. Contact your Cisco representative.
the file is not from Cisco Systems or it has been tampered with. Contact your Cisco representative.
b.
Check the certificate chain.
–
In the OVF Template Details window, click the Cisco Systems, Inc. hyperlink in the Publisher field.
–
In the Certificate window, click the Certification Path tab.
–
In the Certification Path tab (which lists the certificate chain), ensure that the Certification Path area displays Cisco
Systems, Inc. and the Certificate Status displays The certificate is OK.
Systems, Inc. and the Certificate Status displays The certificate is OK.