Cisco Headend System Release 2.7 설치 가이드
Appendix C
SSL Configuration for the LoadPIMS Web Service
106
4038415 Rev A
Install the Certificates on the DNCS
The following steps are required to install the SSL certificate on the DNCS:
A Certificate Signing Request (CSR) is generated on the DNCS and sent to a
trusted Certificate Authority (CA).
trusted Certificate Authority (CA).
The Certificate Authority issues a corresponding digital certificate to be installed
on the DNCS. (The root certificate of the CA will probably need to be installed as
well.)
on the DNCS. (The root certificate of the CA will probably need to be installed as
well.)
The certificate (along with its corresponding public and private keys) must be
manually copied to any other DNCS.
manually copied to any other DNCS.
Install the Digital Certificate from the CA
At this point, the following certificate and key files should reside on your system:
server.crt: The CA-signed server certificate
Note: See Creating a Self-Signed Server Key Certificate (on page 122) for
creating self-signed certificates.
Note: See Creating a Self-Signed Server Key Certificate (on page 122) for
creating self-signed certificates.
server.key: The private server key; this does not require a password when
starting Apache
starting Apache
server.key.secure: The private passphrase protected key
Note: If you do not have the digital certificate files and the server's private key and
need to generate one, see Generate the CSR (on page 125) to create the server.key
private file and the procedure to request the Certificate Authority for the digital
certificates.
1 Upload the signed server.crt received from the CA on the DNCS server into the
need to generate one, see Generate the CSR (on page 125) to create the server.key
private file and the procedure to request the Certificate Authority for the digital
certificates.
1 Upload the signed server.crt received from the CA on the DNCS server into the
/etc/opt/certs/ directory.
2 Type the following command and then press Enter to copy the server.crt file to
cacert.crt.
cp /etc/opt/certs/server.crt /etc/opt/certs/cacert.crt