Cisco Headend System Release 2.7 Installation Guide
Install the Certificates on the DNCS
4036043 Rev B
103
Install the Certificates on the DNCS
Root shell access is required to perform all SSL and Apache web server configuration
operations.
The following steps are required to install the SSL certificate on the DNCS:
operations.
The following steps are required to install the SSL certificate on the DNCS:
A Certificate Signing Request (CSR) is generated on the DNCS and sent to a
trusted Certificate Authority (CA).
The Certificate Authority issues a corresponding digital certificate to be installed
on the DNCS. (The root certificate of the CA will probably need to be installed as
well.)
The certificate (along with its corresponding public and private keys) must be
manually copied to any other DNCS.
Install the Digital Certificate from the CA
At this point, the following certificate and key files should reside on your system:
server.crt: The CA-signed server certificate
Note: See
Note: See
Creating a Self-Signed Server Key Certificate (on page 120) for
creating self-signed certificates.
server.key: The private server key; this does not require a password when
starting Apache
server.key.secure: The private passphrase protected key
Note: If you do not have the digital certificate files and the server's private key and
need to generate one, see Generate the CSR (on page 123) to create the server.key
private file and the procedure to request the Certificate Authority for the digital
certificates.
1 Upload the signed server.crt received from the CA on the DNCS server into the
need to generate one, see Generate the CSR (on page 123) to create the server.key
private file and the procedure to request the Certificate Authority for the digital
certificates.
1 Upload the signed server.crt received from the CA on the DNCS server into the
/etc/opt/certs/ directory.
2 Type the following command and then press Enter to copy the server.crt file to
cacert.crt.
cp /etc/opt/certs/server.crt /etc/opt/certs/cacert.crt