Cisco Headend Digital Broadband Delivery System
Chapter 7 DNCS Web Services Security
4034689 Rev A
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
-----END CERTIFICATE-----
2 Type the following command and press Enter to create the cacert.pem file:
cat /etc/opt/certs/[billing server Root CA Crt] >> /etc/opt/certs/cacert.pem
Note: Replace [Billing Server Root CA Crt] with the root CA certificate of the CA
chain used to sign the billing system's HTTPS server certificate.
Important: Do not attempt to append the root CA certificate to the cacert.pem
file using a text editor.
Configure Client Authentication for the BOSS Web Service
Client authentication is optional for the DNCS BOSS web service. The BOSS web
service does not require client authentication by default. When client authentication
is required by an HTTP-S Server, the HTTP-S client must provide a valid client
certificate.
When client authentication is optional for an HTTP-S Server, the server requests a
valid client certificate but the client is not required to return one. If the client does
return a certificate, it must be trusted by the server.
Complete the following steps to define client authentication on the DNCS.
1 Is client authentication required for the BOSS web service?
If yes, go to step 2.
If no, complete the following steps to disable client authentication.
a Use a text editor to open the /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf file.
b Change “optional” to “none” in the SSLVerifyClient line.
Example:
SSLVerifyClient none
c Save and close the file.
d Type the following command and press Enter to verify that the file was updated successfully:
grep SSLVerifyClient /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf
Result: Output should look similar to the following example:
SSLVerifyClient none
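Added example (not part of the Cisco guide): the grep in step d also matches commented-out lines, so the shell function below reports the effective SSLVerifyClient value instead. The function names, the "conflict" label for files that set more than one value, and the sample file content are assumptions made for this example.

```shell
#!/bin/sh
# Report the effective SSLVerifyClient setting in an Apache config fragment.
# Unlike a plain grep, commented-out lines are skipped and a file that sets
# two different values is flagged for manual review.

# ssl_verify_client_mode FILE
# Prints one of: none optional require optional_no_ca unset conflict invalid
ssl_verify_client_mode() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "sslverifyclient" {     # directive names are case-insensitive
            v = tolower($2); sub(/\r$/, "", v) # tolerate CRLF line endings
            if (!(v in seen)) { seen[v] = 1; n++ }
            last = v
        }
        END {
            if (n == 0)     print "unset"
            else if (n > 1) print "conflict"   # this example: more than one distinct value
            else if (last ~ /^(none|optional|require|optional_no_ca)$/) print last
            else            print "invalid"
        }
    ' "$1"
}

# check_client_auth FILE EXPECTED
# Returns 0 when the effective mode equals EXPECTED, otherwise explains why not.
check_client_auth() {
    mode=$(ssl_verify_client_mode "$1")
    if [ "$mode" = "$2" ]; then
        return 0
    fi
    echo "SSLVerifyClient is '$mode', expected '$2' in $1" >&2
    return 1
}

# Constructed sample (not the real DNCS file): the old value was left behind
# as a comment, so a plain grep would print both lines.
sample=$(mktemp)
printf '%s\n' '# SSLVerifyClient optional' '  SSLVerifyClient none' > "$sample"
ssl_verify_client_mode "$sample"    # prints: none
rm -f "$sample"
```

On the DNCS, the call would be check_client_auth /etc/apache2/user-conf/SAIdncs.bossreq.auth.conf none.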