Re: Installing Valid SSL Certificate for Agent Reskilling Tool

david.macias · ‎08-29-2012

Has anyone done this? I'm looking for documentation and can't find anything. There's documentation for UCM/CUIC, but nothing for agent reskilling. The Cisco Security Best Practices seems to just gloss over this subject and not really provide any good data.

david

Blog

Joe Gilbert · ‎07-29-2013

Hi David, I recently tried to do this and I think I figured out a solution. This is on ICM 8.5(4). Let me know if this works for you.

Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Uninstall. Close SSL Encryption Utility.

Create Certificate request in IIS Manager.

Complete Certificate request in IIS Manager.

Export Certificate in IIS to c:\icm\ssl\[yourfile.pfx]. Remember password you use.

Open command prompt

Cd c:\icm\ssl\bin

Openssl.exe

pkcs12 -in c:\icm\ssl\[yourfile.pfx] -nocerts -out keyfile-encrypted.key

pkcs12 -in c:\icm\ssl\[yourfile.pfx] -clcerts -nokeys -out [host.crt]

Exit

Copy c:\icm\ssl\bin\host.crt to c:\icm\ssl (overwrite if necessary)

Copy c:\icm\ssl\bin\keyfile-encrypted.key to c:\icm\ssl (overwrite if necessary)

Open SSL Encryption Utility. Select All Instances. Click Certificate Administration tab. Click Install. Click no when it asks to create a new certificate. Close SSL Encryption Utility. I got one error but certificate imported successfully.

Verify by going to https:///reskill

Openssl commands taken from http://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/

Marvin Tempro · ‎05-19-2018

Joe, I had to take a minute to express my gratitude to your helpful post. After installing ICM, the web setup tool loaded a 'page can't be displayed' message, I tried installing ICM 3 times same issue, then I found this thread and it solved my issue.
Thank you!

Joe Gilbert · ‎05-30-2018

Thank you, Marvin. I'm glad this worked for you.