Cisco Headend Digital Broadband Delivery System
Introduction to DNCS HTTPS Certificates
4034689 Rev A
73
Certificate Files Required on the DNCS
A common set of certificate files are used for both web server instances on the
DNCS. Two lists of certificate files for the DNCS follow.
DNCS. Two lists of certificate files for the DNCS follow.
The first list contains the certificate files required when the DNCS acts as an
HTTP-S server.
HTTP-S server.
The second list contains the certificate files required when the DNCS acts as an
HTTP-S client, which is only applicable to the BOSS billing web service.
HTTP-S client, which is only applicable to the BOSS billing web service.
Note: All of the following files exist in the /etc/opt/certs directory on the DNCS.
DNCS HTTPS Server
-
server key — The server private key.
-
server.crt — The server signed certificate.
-
cachain.crt — The server certificate CA certificate chain. This file must
contain the entire CA certificate chain used to sign the server certificate.
contain the entire CA certificate chain used to sign the server certificate.
-
cacert.pem — A collection of all trusted root certificates for remote clients. If
client authentication is implemented, then this file must contain the root CA
certificate for the remote client certificate.
client authentication is implemented, then this file must contain the root CA
certificate for the remote client certificate.
DNCS HTTPS Client
-
bossclient.key — A concatenation of the private key, certificate, and CA
certificate chain used to sign the client certificate in the following order:
certificate chain used to sign the client certificate in the following order:
client private key
client certificate
intermediate CA certificates, if applicable
root CA certificate
Important: The order of the CA certificate chain must follow the certification
path starting with the intermediate CA certificate (if applicable) used to sign
the client certificate and ending with the root CA certificate.
path starting with the intermediate CA certificate (if applicable) used to sign
the client certificate and ending with the root CA certificate.
-
cacert.pem — A collection of all trusted root certificates for remote billing
servers. This file must contain the root CA certificate for the billing system
server certificate.
Note: It is possible to define a different file than the cacert.pem file using the
BOSS_SSL_CACERTS environment variable. This variable is not used in the
steps within this guide. If you use this environmental variable, you must
define it in the /export/home/dncs/.profile file. Additionally, the file
referenced by the environment variable must be readable by the dncs role.
servers. This file must contain the root CA certificate for the billing system
server certificate.
Note: It is possible to define a different file than the cacert.pem file using the
BOSS_SSL_CACERTS environment variable. This variable is not used in the
steps within this guide. If you use this environmental variable, you must
define it in the /export/home/dncs/.profile file. Additionally, the file
referenced by the environment variable must be readable by the dncs role.