Cisco Headend Digital Broadband Delivery System
Chapter 7 DNCS Web Services Security
118
4034689 Rev A
3 Use these guidelines to answer the prompt displayed in step 2.
Note: We recommended that you provide valid input for the Distinguished
Name information. Use a period (.) to indicate blank input.
Name information. Use a period (.) to indicate blank input.
Country Name — The country where your company resides. Use the two-
letter country code without punctuation for country (for example, US or FR).
letter country code without punctuation for country (for example, US or FR).
State or Province — The state or province where your company resides. Spell
out the state completely (for example, California). Do not abbreviate the state
or province name.
out the state completely (for example, California). Do not abbreviate the state
or province name.
Locality or City — The city or town where your company resides (for
example, Berkeley).
example, Berkeley).
Organization Name — Your company's name (for example, XYZ
Corporation). If your company or department name has an &, @, or any other
symbol that requires using the Shift key in its name, you must spell out the
symbol or omit it.
Corporation). If your company or department name has an &, @, or any other
symbol that requires using the Shift key in its name, you must spell out the
symbol or omit it.
Organizational Unit — The organization within the company. This field is
optional but can be used to help identify certificates registered to an
organization. The Organizational Unit (OU) field is the name of the
department or organization unit making the request. To skip the OU field,
press Enter.
optional but can be used to help identify certificates registered to an
organization. The Organizational Unit (OU) field is the name of the
department or organization unit making the request. To skip the OU field,
press Enter.
Common Name — The Common Name is the host plus the domain name
(for example, www.company.com or *.company.com). For the DNCS, use
the IP address of the interface that will be used for the DNCS Web Services.
(for example, www.company.com or *.company.com). For the DNCS, use
the IP address of the interface that will be used for the DNCS Web Services.
Email Address — E-mail address of the certificate requester.
Result: The DNCS creates the server.key, server.crt, cachain.crt, and cacert.pem
files in the /etc/opt/certs directory.
files in the /etc/opt/certs directory.
4 Type the following command and press Enter to set the file permissions to read-
only for the root user:
chmod 400 /etc/opt/certs/server.key
5 Type the following command and press Enter to ensure that the file is globally
readable:
chmod 444 /etc/opt/certs/server.crt
6 Type the following command and press Enter to remove the symbolic link to the
cachain.crt file:
rm /etc/opt/certs/cacert.pem
Note: This file will be recreated later with the appropriate contents and
permissions.
permissions.