Cisco Headend System Release 2.7 Installation Guide
Install the Certificates on the DNCS
4038415 Rev A
107
Install the Root Certificate of the Trusted Root Authority
If the client certificate authentication is required, then the CA root authority's
certificate, which signs the client certificate, should be installed in the
/etc/opt/certs/cacert.pem file. We recommended that the CA root certificate be
added to this file, but it is not required.
certificate, which signs the client certificate, should be installed in the
/etc/opt/certs/cacert.pem file. We recommended that the CA root certificate be
added to this file, but it is not required.
Type the following commands and then press Enter to install the root certificate of
the trusted root authority.
the trusted root authority.
cp /etc/opt/certs/cacert.pem /etc/opt/certs/cacert.pem.`date
+%m%d%y`
+%m%d%y`
cat CA_NSO.crt.txt >> /etc/opt/certs/cacert.pem
The following table displays the relevant files and permissions:
File
Permission
Owner:
Group
Group
Comments
server.key
400
-r-------- root:root
This is the private key generated on the
DNCS (first step in the Generate the
CSR (on page 125) process).
If you want to skip the Generate the
CSR process and use the same
dncs_server.csr.crt received from the
NSO on all DNCSs, you need to copy
the server.key file to all other DNCS
controllers. Please note that this file
does not contain the passphrase, and
consequently should be guarded
appropriately.
One way to copy this file from a
configured DNCS controller to another
DNCS being configured would be to
copy the server.key.secure file instead.
However you will need the passphrase
that was used when extracting the
server.key file (Generate the CSR (on
page 125) first step) from the
server.key.secure file.
DNCS (first step in the Generate the
CSR (on page 125) process).
If you want to skip the Generate the
CSR process and use the same
dncs_server.csr.crt received from the
NSO on all DNCSs, you need to copy
the server.key file to all other DNCS
controllers. Please note that this file
does not contain the passphrase, and
consequently should be guarded
appropriately.
One way to copy this file from a
configured DNCS controller to another
DNCS being configured would be to
copy the server.key.secure file instead.
However you will need the passphrase
that was used when extracting the
server.key file (Generate the CSR (on
page 125) first step) from the
server.key.secure file.
server.crt
444
-r--r--r-- root:root
This is the dncs_server.csr.crt file
renamed as server.crt.
renamed as server.crt.