Introduction
An SSL Certificate is required when you access the WebUI of the Cisco TelePresence product through HTTPS.
A default self-signed certificate is pre-installed at the time of product shipment.
Customers are expected to create a new certificate themselves once the installed certificate has expired.
This document introduces an example procedure for creating a self-signed certificate using OpenSSL.
----------------------------------------------------------------------------------------------------------------------------
OpenSSL is included by default with most Linux and UNIX systems.
OpenSSL for Windows can be downloaded at the following URL:
http://slproweb.com/products/Win32OpenSSL.html
1. Generate an RSA key pair using the following command:
> openssl genrsa -des3 -out example.key 2048
This command generates a sample file, "example.key", containing the public key and the private key.
For security reasons, Cisco recommends a key length of at least 2048 bits (specified with the option at the end of the command).
The example.key file is encrypted (the -des3 option), so you are prompted to enter a password when you generate the file.
2. Create a certificate signing request (CSR) to be sent to the Certificate Authority.
> openssl req -new -key example.key -out example.csr
When you execute this command, you are prompted to enter some items.
For the "Common Name" field, specify the host name or IP address of the product concerned.
3. Generate an RSA key pair for the Certificate Authority.
> openssl genrsa -des3 -out CA.key 2048
4. Generate a root certificate for the Certificate Authority.
> openssl req -new -x509 -key CA.key -out CA.cer -days 365
You are prompted to enter some items in a similar way to Step 2 above.
Install the generated certificate in the browser with which you access the WebUI of the product concerned.
The -days option at the end specifies the validity period of the certificate in days.
5. Sign the certificate using the Certificate Authority.
> openssl x509 -req -in example.csr -CA CA.cer -CAkey CA.key -set_serial 01 -out example.cer
A self-signed certificate, "example.cer", is generated by this command.
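The five steps above run without prompts, followed by checks worth making before installing the result. This is an added example, not part of the original document. The passphrase, host name and subject values are constructed; -passout, -passin and -subj stand in for the interactive prompts, and -days 365 is added to step 5 because "openssl x509 -req" otherwise issues a certificate valid for only 30 days.

```shell
#!/bin/sh
# Added example. PASS and HOST are constructed values, not from the original page.
PASS='constructed-test-passphrase'
HOST='codec.example.test'   # hypothetical host name used as the Common Name

# Steps 1-5 of the procedure, with prompts replaced by -passout/-passin/-subj.
# Step 5 adds -days 365; without it the signed certificate lasts 30 days.
build_chain() {   # $1 = output directory
    d=$1
    openssl genrsa -des3 -passout "pass:$PASS" -out "$d/example.key" 2048 &&
    openssl req -new -key "$d/example.key" -passin "pass:$PASS" \
        -subj "/CN=$HOST" -out "$d/example.csr" &&
    openssl genrsa -des3 -passout "pass:$PASS" -out "$d/CA.key" 2048 &&
    openssl req -new -x509 -key "$d/CA.key" -passin "pass:$PASS" \
        -subj "/CN=Example Test CA" -out "$d/CA.cer" -days 365 &&
    openssl x509 -req -in "$d/example.csr" -CA "$d/CA.cer" -CAkey "$d/CA.key" \
        -passin "pass:$PASS" -set_serial 01 -days 365 -out "$d/example.cer"
}

# Pre-install checks: chain validates, key matches certificate, not near expiry.
check_chain() {   # $1 = directory; prints OK or the first failed check
    d=$1
    openssl verify -CAfile "$d/CA.cer" "$d/example.cer" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    cert_pub=$(openssl x509 -in "$d/example.cer" -noout -pubkey)
    key_pub=$(openssl pkey -in "$d/example.key" -passin "pass:$PASS" -pubout 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] || { echo "key: MISMATCH"; return 1; }
    openssl x509 -in "$d/example.cer" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "expiry: less than 30 days left"; return 1; }
    echo OK
}

# mktemp -d creates a directory only the current user can read.
workdir=$(mktemp -d)
build_chain "$workdir" && check_chain "$workdir"
# Remove "$workdir" when finished: it holds the private keys.
```

Running check_chain again before the certificate's end date catches the expiry case described in the introduction while there is still time to reissue.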
- The procedure provided in this document is intended as a sample. Note that creating an SSL Certificate is outside the scope of Cisco support and must be done at the customer's own responsibility.
- A self-signed certificate created with the procedure in this document can be used for testing purposes in a closed network, or for applications within the internal LAN environment. If more advanced security is required, a Certificate Authority service such as VeriSign must be used.
- For the procedure of installing a certificate in your product, please see the product manual.
A self-signed
Related Information
Original Document: https://supportforums.cisco.com/ja/document/137596
Author: Yusuke Yoshinaga
Posted on April 24, 2013