Cisco Headend Digital Broadband Delivery System
Contents
4034689 Rev A
v
Chapter 7 DNCS Web Services Security
53
Overview ................................................................................................................................. 54
Define the Web Service Listening Interface ....................................................................... 56
Define the Web Service Listening Interface ....................................................................... 56
Second Web Instance Consideration ...................................................................... 56
Define the Web Service Interface Using a Separate Web Instance .................... 58
Define the Web Service Using a Single Web Instance ......................................... 60
Define the Web Service Interface Using a Separate Web Instance .................... 58
Define the Web Service Using a Single Web Instance ......................................... 60
Allow HTTP Access to the Web Services ........................................................................... 62
Allowing HTTP Access to the BOSS Web Service ................................................ 62
Allowing HTTP Access to the STB Staging Web Service .................................... 63
Create Client Authorization Username and Password for the STB
Allowing HTTP Access to the STB Staging Web Service .................................... 63
Create Client Authorization Username and Password for the STB
Staging Web Service .............................................................................................. 65
Verify HTTP Access to the Web Services .............................................................. 67
Configure Remote Access to the DNCS Web Interface .................................................... 69
Introduction to DNCS HTTPS Certificates ......................................................................... 71
Introduction to DNCS HTTPS Certificates ......................................................................... 71
Certificate File Overview ......................................................................................... 71
Certificate Files Required on the DNCS ................................................................ 73
Certificate Deployment Options ............................................................................. 74
The gen_cert _dncs Utility ....................................................................................... 75
Certificate Files Required on the DNCS ................................................................ 73
Certificate Deployment Options ............................................................................. 74
The gen_cert _dncs Utility ....................................................................................... 75
Enable HTTPS Access and Installing Certificates ............................................................. 76
Allowing HTTPS Access to the BOSS Web Service.............................................. 76
Allowing HTTPS Access to the STB Staging Web Service .................................. 78
Allowing HTTPS Access to the STB Staging Web Service .................................. 78
Generating and Deploying SSL Certificates Signed by a CA on a DNCS ..................... 80
Create the DNCS Certificate Using a DNCS CA .................................................. 80
Add Trusted Root CA Certificates for the BOSS Web Service ........................... 83
Configure Client Authentication for the BOSS Web Service .............................. 84
Prepare the DNCS Web Instance Trust Store ....................................................... 87
Verify the Running Status of the Web Server Instances ...................................... 88
Add Trusted Root CA Certificates for the BOSS Web Service ........................... 83
Configure Client Authentication for the BOSS Web Service .............................. 84
Prepare the DNCS Web Instance Trust Store ....................................................... 87
Verify the Running Status of the Web Server Instances ...................................... 88
Deploying SSL Certificates Signed by an External CA ..................................................... 93
Create the DNCS Certificate Using an External CA ............................................ 93
Add Trusted Root CA Certificates for the BOSS Web Service ........................... 95
Configure Client Authentication for the BOSS Web Service .............................. 96
Prepare the DNCS Web Instance Trust Store ..................................................... 100
Verify the Running Status of the http Web Server Instance ............................. 101
Add Trusted Root CA Certificates for the BOSS Web Service ........................... 95
Configure Client Authentication for the BOSS Web Service .............................. 96
Prepare the DNCS Web Instance Trust Store ..................................................... 100
Verify the Running Status of the http Web Server Instance ............................. 101
Create Your Own Certification Authority ........................................................................ 105
Creating Your Own Certification Authority ....................................................... 105
Troubleshooting SSL/TLS on the DNCS .......................................................................... 108
DNCS Web Service Process Check ....................................................................... 108
Log Files to Monitor ............................................................................................... 112
Files and Directory Permissions ........................................................................... 112
View Certificate Files .............................................................................................. 113
Log Files to Monitor ............................................................................................... 112
Files and Directory Permissions ........................................................................... 112
View Certificate Files .............................................................................................. 113
Add Trusted Root CA Certificates .................................................................................... 114