07-08-2020 07:03 AM
Hi
I need to configure an internal Proxy to allow direct access to Cisco to download Prime updates and appliance software Images.
To do this I need to import the CA Certificate that is used to sign the certificate presented by our internal Proxy.
How do I import the CA Certificate and to which store should the CA Cert be added?
Thanks in advance.
07-08-2020 09:36 AM
I don't think Prime supports this functionality ; checkout the the menu-options in the link referenced and verify what is possible.
M.
07-09-2020 01:31 AM
Hi
I have configured the Proxy on Prime and the 'Test Connectivity' is successful.
But when I try the 'download' option under Administration > Software Updates and enter my CCO credentials I get the following error
My firewall/proxy support has captured the issue and has told me it is a certificate issue - the Proxy certificate is not trusted by Prime. So we believe that it is because the Proxy's signing root CA cert is not installed in the correct Prime certificate store.
There are 4 possible stores:
<hostname>/admin# ncs certvalidation trusted-ca listcacerts truststore ?
devicemgmt Trust store used for validating cert from managed devices
pubnet Trust store used for validating cert from public internet
system Trust store used for validating cert from other peer systems
user Trust store used for validating cert for user login
I am assuming that the CA cert should go in either system or pubnet but either requires a reboot.
Should I just import to both?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide