Cisco Headend Digital Broadband Delivery System
Deploying SSL Certificates Signed by an External CA
4034689 Rev A
93
Deploying SSL Certificates Signed by an External
CA
This section provides step-by-step instructions for generating the DNCS Web Service
private key and CSR files, and then deploying the Certificate signed by the external
CA.
private key and CSR files, and then deploying the Certificate signed by the external
CA.
The gen_crt_dncs utility is used to create the private key and CSR file, as well as
deploying the signed certificate (server.crt) on the DNCS. Note that these
instructions implement one certificate for the DNCS Web Instance; that is, the same
certificate is used for the DNCS HTTP-S server and HTTP-S client.
deploying the signed certificate (server.crt) on the DNCS. Note that these
instructions implement one certificate for the DNCS Web Instance; that is, the same
certificate is used for the DNCS HTTP-S server and HTTP-S client.
The Certification Authority can be someone or some group within your company or
a commercial CA, such as VeriSign.
a commercial CA, such as VeriSign.
Create the DNCS Certificate Using an External CA
To create, and deploy SSL certificates using an External CA, complete the following
steps.
1 From an xterm window on the DNCS, type the following command and press
steps.
1 From an xterm window on the DNCS, type the following command and press
Enter:
/etc/apache2/gen_crt_dncs
Result: The system displays a message similar to the following.
Prepare SSL certificate for HTTPS service. HTTPS will not be
supported on
supported on
this host without an SSL certificate in place. Choose from
following options:
following options:
1. Generate a self-signed SSL certificate and deploy now. You
will need to manually deploy the certificate to those clients
connecting to this server.
will need to manually deploy the certificate to those clients
connecting to this server.
2. Generate a certificate signing request for the server
certificate and proceed. No SSL certificate will be deployed,
you will need to sign the generated CSR file externally and
manually deploy it.
certificate and proceed. No SSL certificate will be deployed,
you will need to sign the generated CSR file externally and
manually deploy it.
3. Import a server certificate for use by openssl and apache.
4. Check dependencies and enable apache SSL.
5. Exit - Skip this step now and manually deploy SSL
certificate later.
certificate later.
Refer to the system User's Guide for instructions.
Please enter your choice: [1|2|3|4|5]
2 Select choice 2 to create a certificate signing request and press Enter. The
command prompts you for the Distinguished Name attributes of the certificate.