Cisco Headend Digital Broadband Delivery System
Generating and Deploying SSL Certificates Signed by a CA on a DNCS
4034689 Rev A
87
17 Follow these instructions to restart the DNCS http process.
a Type the following command and press Enter to stop the http process:
svcadm -v disable -st http
b Type the following command and press Enter to refresh the http process:
svcadm refresh http
c Type the following command and press Enter to restart the http process:
svcadm -v enable -s http
Result: The system displays the svc:/network/http:apache2 enabled
message.
message.
18 Follow these instructions to restart the DNCS http-dncsws process.
a
Type the following command and press Enter to stop the http-dncsws
process:
process:
svcadm -v disable -st http-dncsws
b Type the following command and press Enter to refresh the http-dncsws
process:
svcadm refresh http-dncsws
c Type the following command and press Enter to restart the http-dncsws
process:
svcadm -v enable -s http-dncsws
Result: The system displays the svc:/network/http-dncsws:apache2-dncsws
enabled message.
enabled message.
Prepare the DNCS Web Instance Trust Store
The cacert.pem file on the DNCS must contain all of the trusted root CA certificates.
This file must exist with a minimum of one trusted certificate for the web instances
to start. At this point, this file will either contain the trusted root CA certificates for
the BOSS Web Service or not exist if the DNCS has only been configured for the STB
Staging Web Service.
1
This file must exist with a minimum of one trusted certificate for the web instances
to start. At this point, this file will either contain the trusted root CA certificates for
the BOSS Web Service or not exist if the DNCS has only been configured for the STB
Staging Web Service.
1
Type the following command and press Enter:
cat /etc/opt/certs/cacert.pem
2 Did the output from step 1 display certificate text?
If yes, continue with step 3.
If no (a cannot open /etc/opt/certs/cacert.pem message appears), then the
cacert.pem file does not exist. Type the following command and press Enter
to copy the cachain.crt file to cacert.pem.
cacert.pem file does not exist. Type the following command and press Enter
to copy the cachain.crt file to cacert.pem.
cp /etc/opt/certs/cachain.crt /etc/opt/certs/cacert.pem
3 Type the following command and press Enter to set the file permissions:
chmod 444 /etc/opt/certs/cacert.pem