Руководство По Установке для Cisco Cisco Prime Infrastructure 2.1
23
Generating a CA-Signed Certificate for the Plug and Play Gateway
By default, the Plug and Play Gateway can be set up to generate a self-signed certificate. The certificate can be used to create a
trustpoint on the device for SSL communication. We recommend that you use SSL certificates signed by a single CA for both
the Plug and Play Gateway and the device.
trustpoint on the device for SSL communication. We recommend that you use SSL certificates signed by a single CA for both
the Plug and Play Gateway and the device.
You should generate the certificate only if you require SSL communication with a CA- signed certificate between the Plug and
Play Gateway and the device.
Play Gateway and the device.
Step 1
Log in to the CNS supported K9 device and check the version of the software image using the show version command.
The image that is loaded on the CNS supported K9 device should be a crypto image.
The image that is loaded on the CNS supported K9 device should be a crypto image.
Step 2
Obtain the server certificate from the CA using the following commands.
Generate RSA keys and certificate signing request:
$cd /root
$openssl genrsa -out server.key 1024 // generate an RSA Keypair and a Certificate Signing Request:
$chown root:root server.key
$chmod 400 server.key
$openssl req -new -key server.key -out server.csr
You can enter a period (.) in case you do not want to enter any information. But remember to enter CE
server name as
(Ex: myCEserver.example.com) when asked for Common Name (e.g., YOUR name) []:
The server.key and the server.csr files are now in the root directory.
Note
Ensure that you to obtain a signed CA certificate using the .csr file. You should receive three .crt files from your CA.
Step 3
Run the Plug and Play setup and copy the CA certificate. For more information on the Plug and Play setup, see the