Cisco Headend Digital Broadband Delivery System

 
Chapter 7    DNCS Web Services Security 
 
 
 
4034689 Rev A 
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
 
 
-----END CERTIFICATE-----
 
2  Type the following command and press Enter to create the cacert.pem file: 
cat /etc/opt/certs/[billing server Root CA Crt] >> /etc/opt/certs/cacert.pem
 
 
Note: Replace [Billing Server Root CA Crt] with the root CA certificate of the CA 
chain used to sign the billing system's HTTPS server certificate. 
Important: Do not attempt to append the root CA certificate to the cacert.pem 
file using a text editor. 
 
Configure Client Authentication for the BOSS Web Service 
Client authentication is optional for the DNCS BOSS web service. The BOSS web 
service does not require client authentication by default. When client authentication 
is required by an HTTP-S Server, the HTTP-S client must provide a valid client 
certificate.  
When client authentication is optional for an HTTP-S Server, the server requests a 
valid client certificate but the client is not required to return one. If the client does 
return a certificate, it must be trusted by the server.   
Complete the following steps to define client authentication on the DNCS. 
1  Is client authentication required for the BOSS web service? 
 
If yes, go to step 2. 
 
If no, complete the following steps to disable client authentication. 
a  Use a text editor to open the
/etc/apache2/user-conf/SAIdncs.bossreq.auth.conf file.
b  Change “optional” to “none” in the SSLVerifyClient line. 
Example: 
SSLVerifyClient none
 
c  Save and close the file. 
d  Type the following command and press Enter to verify that the file was 
updated successfully: 
grep SSLVerifyClient /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf
 
 
Result: Output should look similar to the following example: 
SSLVerifyClient none
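
The grep in step d prints every line that contains SSLVerifyClient, including commented-out ones, so its output can look correct while a different directive is active. The following shell function is an added example, not part of the Cisco guide: it reports only the active SSLVerifyClient level in a file. The function name, the exit codes and the sample configuration are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Function name and exit codes
# are assumptions of this sketch.

# Print the SSLVerifyClient level that is active in an Apache config file.
# Exit status:
#   0  one consistent, valid level was found
#   1  no active (uncommented) SSLVerifyClient directive
#   2  a level other than none/optional/require/optional_no_ca
#   3  active directives disagree with each other (review by hand)
#   4  file missing or unreadable
ssl_verify_client_level() {
    [ -r "$1" ] || return 4
    awk '
        /^[ \t]*#/ { next }                    # comment lines are inactive
        tolower($1) == "sslverifyclient" {     # match the directive in any case
            level = tolower($2)
            if (level !~ /^(none|optional|require|optional_no_ca)$/) bad = 1
            if (seen && level != last) conflict = 1
            last = level
            seen = 1
        }
        END {
            if (!seen) exit 1
            print last                         # last active directive in the file
            if (bad) exit 2
            if (conflict) exit 3
        }
    ' "$1"
}

# Constructed sample: the old setting was commented out instead of edited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSLVerifyClient optional
  SSLVerifyClient none
EOF
ssl_verify_client_level "$sample"    # prints: none
rm -f "$sample"
```

Exit status 3 only means the file holds more than one active level; whether that is intended depends on the contexts the directives appear in, which this check does not parse.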