Cisco Headend Digital Broadband Delivery System
Generating and Deploying SSL Certificates Signed by a CA on a DNCS
4034689 Rev A
83
Add Trusted Root CA Certificates for the BOSS Web Service
Follow these instructions to copy the billing system's HTTP-S server root CA
certificate to the list of trusted certificate authorities.
1 Obtain a copy of the root CA certificate in the CA certificate chain used to sign
certificate to the list of trusted certificate authorities.
1 Obtain a copy of the root CA certificate in the CA certificate chain used to sign
the billing system's HTTP-S server certificate and place it in the /etc/opt/certs
directory of the DNCS. The root CA certificate must be in privacy-enhanced mail
format (PEM) format.
Note: The text file must contain the entire root CA certificate starting with
BEGIN CERTIFICATE and ending with END CERTIFICATE.
Example:
directory of the DNCS. The root CA certificate must be in privacy-enhanced mail
format (PEM) format.
Note: The text file must contain the entire root CA certificate starting with
BEGIN CERTIFICATE and ending with END CERTIFICATE.
Example:
-----BEGIN CERTIFICATE-----
MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFg
VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IF
bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIF
b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEw
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZX
cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IE
b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6H
iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJ
r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0
04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG
GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017
3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
-----END CERTIFICATE-----
2
Type the following command and press Enter to create the cacert.pem file:
cat /etc/opt/certs/[billing server Root CA Crt] >>
/etc/opt/certs/cacert.pem
/etc/opt/certs/cacert.pem
Note: Replace [Billing Server Root CA Crt] with the root CA certificate of the CA
chain used to sign the billing system's HTTPS server certificate.
Important: Do not attempt to append the root CA certificate to the cacert.pem
file using a text editor.
chain used to sign the billing system's HTTPS server certificate.
Important: Do not attempt to append the root CA certificate to the cacert.pem
file using a text editor.