Cisco Cisco Unified Customer Voice Portal 10.5(1) Manual Técnica
dir oamp.csr
08/25/2016 08:13 AM 1,136 oamp.csr
Issue the Certificate on the CA
To get the certificate you will need a Certificate Authority already configured.
Type the following URL in a browser
http://<CA ip address>/certsrv
Then select Request certificate and Advanced certificate request.
more oamp.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC/TCCAeUCAQAwgYcxIzAhBgkqhkiG9w0BCQEWFGFkbWluQGFsbGV2aWNoLmxvY2FsMQswCQYD
VQQGEwJQTDEUMBIGA1UECBMLTWFsb3BvbHNraWUxDzANBgNVBAcTBktyYWtvdzEOMAwGA1UEChMF
Q2lzY28xDDAKBgNVBAsTA1RBQzEOMAwGA1UEAxMFQ1ZQMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvQEGmJPmzimqQA6zc1mbWnkzAj3PvGKe9Qg0REfOnHpLq+ddx66o6OGr6TTb1
BrqI8UeN1JDfuQj/m4HZvKsqRv1AWA5CtGRzjbOeNXPMCGOtkO0b9643M8DY0Q9LQ/+PxdzYGhie
CxnhQURcAIsViphV4yxUVJ4QcLkzkbM9T8DSoJSJAI4gY+tO3i0xxDTcxlaTQ1xkRYDba8JwzVHL
TkVwtSRK2jqIzJuBPZwpXMZc8RDkffBurrVXhFb8ylvR/Q7cAzHPgpPLuK6KmwpOKv8CRoWml3xA
EgRd39szkZfbawRzddTqw8hM/2cLSoUKx0NMFY5dXzIszQEYlK5XAgMBAAGgMDAuBgkqhkiG9w0B
CQ4xITAfMB0GA1UdDgQWBBRe8ul0CdlHckIm9VjD3ZL/uXhgGzANBgkqhkiG9w0BAQsFAAOCAQEA
c48VD1d/BJMaOXwxz5riT1BCjxzLIMTNzv3W00K7ehtmYVTTaRCXLZ/sOX5ws807kwnOaZeIpRzd
lGvumS+dUgun/2QO0rp+B44gRvgp9KUTvv5C6YoBslm4H2xp9yaQpgzLBJuKRgl8yIzYnIvoVuPx
racGSkyxKzxvrvxOX2qvxoVq71bf43Aps4+G85Cp3GWhIBQ+TtIKKxgZ/C64ThZgT9HtD9zbL3g0
U8bPlF6JNjztzjmuGEdqsNf0fAjpPsfShQl0o4qIMBi7hBQusAwNBEB1xaAlYumD09+R/BK2KfMv
Iy4CdsEfWlmjBb54lTJEYzwOh7tpRZkjOqyVMQ== -----END NEW CERTIFICATE REQUEST-----
Copy and paste the entire content of the CSR to the appropriate menu. Select Web Server as a
certificate template and Base 64 encoded. Then click Download certificate chain.
certificate template and Base 64 encoded. Then click Download certificate chain.
You can export CA and web server generated certificate individually or download a full chain. In
this example the full chain option is used.
this example the full chain option is used.
Import CA Generated Certificate
Install the certificate from the file.
%kt% -import -v -trustcacerts -alias oamp_certificate -file oamp.p7b
To apply new certificate restart World Wide Web Publishing Service and Cisco CVP
OPSConsoleServer services.
OPSConsoleServer services.
Verify
Easiest way to verify is to login to CVP OAMP web server. You should not get an untrusted
certificate warning message.
certificate warning message.
Another way is to check the OAMP certificate used with the following command.
%kt% -list -v -alias oamp_certificate
Alias name: oamp_certificate Creation date: Oct 20, 2016
Entry type: PrivateKeyEntry Certificate chain length: 2 Certificate[1]: Owner:
CN=cvp11.allevich.local, OU=TAC, O=Cisco, L=Krakow, ST=Malopolskie, C=PL Issuer: CN=pod1-POD1AD-
CA, DC=pod1, DC=ccemea, DC=tac Serial number: 130c0db6000000000017 Valid from: Thu Oct 20
12:48:08 CEST 2016 until: Sat Oct 20 12:48:08 CEST 2018 Certificate fingerprints: MD5:
BA:E8:FA:05:45:07:D0:3C:C8:81:1C:34:3D:21:AF:AC SHA1:
30:04:F2:EE:37:22:9D:8D:27:8F:54:D2:BA:D4:0F:33:74:34:87:D8 Signature algorithm name:
SHA1withRSA Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false 0000: 1E