Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
5
Helpful
4
Replies

need help on CA cerftificate on PRime Infra

Go to solution
jatshar401
Level 1
Level 1

‎03-21-2015 04:14 AM

Hi Experts,

can somebody guide me for CA certificate  installation & procedure for prime infrastructure.

i'm newbie to prime infrastructure.

any help  appreciated ?

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ashok Kumar
Cisco Employee
Cisco Employee

‎03-21-2015 04:19 AM

Hi

Generating the Certificate
--------------------------

*********************************************************************************************
To generate a CSR, get it signed by a Certificate Authority (CA), and ready it for import:
*********************************************************************************************

Step 1 Log in to Prime Infrastructure using the command line, as explained in Connecting Via CLI. Do not enter “configure terminal” mode.

Step 2 At the prompt, enter the following command to generate the CSR:

ncs key genkey -newdn -csr test.csr repository defaultRepo

This will generate the CSR file “test.csr” in the Prime Infrastructure server’s default repository.

Step 3 Copy test.csr to a file storage resource to which you have all access rights. For example:

copy disk:/defaultRepo/test.csr ftp\://your.ftp.server.

Step 4 Submit the test.csr file to the third-party Certificate Authority for verification and signing. Depending on the CA, you may need to email the file, or paste its contents into a web form.

Step 5 You will receive the server and CA certificates from the CA. For example:

 CN .cer - The server certificate. CN is replaced with the common name of the CA (e.g., “MyCompany CA”).
 CA .cer - The CA certificate from the signing authority. You may receive more than one of these files, with various names.
Step 6 Copy all the certificate files from your file resource back to the default repository. For example:

copy ftp\://your.ftp.server/CN.cer disk:defaultRepo

copy ftp\://your.ftp.server/CA.cer disk:defaultRepo

You are now ready to import the certificates into the Prime Infrastructure server, as explained in Importing the Certificate to Prime Infrastructure


**************************************************
Importing the Certificate to Prime Infrastructure
**************************************************

Once you have received and prepared the signed CA certificate (as explained in Generating the Certificate), you must import it to the Prime Infrastructure server. If you are using Prime Infrastructure’s High Availability (HA) features, you will need to import it into both the primary and secondary servers.

Step 1 If you have not already done so, log in to Prime Infrastructure using the command line, as explained in Connecting Via CLI. Do not enter “configure terminal” mode.

Step 2 At the prompt, enter the following command to import the CA certificate file:

ncs key importcacert CA-Alias CA.cer repository defaultRepo

If you have more than one CA certificate file: Repeat this step for each CA cert file.

Step 3 Finally, import the CN.cer file into the server:

ncs key importsignedcert CN.cer repository defaultRepo

Step 4 Restart the Prime Infrastructure server to apply the changes:

ncs stop

ncs start

*************
Verification
*************

Go to online verification of the Certification Authority, try to access the PI with public IP/domain name 

 


- Ashok

************************************************************************************************************

Please rate the useful post or mark as correct answer as it will help others looking for similar information

************************************************************************************************************

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ashok Kumar
Cisco Employee
Cisco Employee

‎03-21-2015 04:19 AM

Hi

Generating the Certificate
--------------------------

*********************************************************************************************
To generate a CSR, get it signed by a Certificate Authority (CA), and ready it for import:
*********************************************************************************************

Step 1 Log in to Prime Infrastructure using the command line, as explained in Connecting Via CLI. Do not enter “configure terminal” mode.

Step 2 At the prompt, enter the following command to generate the CSR:

ncs key genkey -newdn -csr test.csr repository defaultRepo

This will generate the CSR file “test.csr” in the Prime Infrastructure server’s default repository.

Step 3 Copy test.csr to a file storage resource to which you have all access rights. For example:

copy disk:/defaultRepo/test.csr ftp\://your.ftp.server.

Step 4 Submit the test.csr file to the third-party Certificate Authority for verification and signing. Depending on the CA, you may need to email the file, or paste its contents into a web form.

Step 5 You will receive the server and CA certificates from the CA. For example:

 CN .cer - The server certificate. CN is replaced with the common name of the CA (e.g., “MyCompany CA”).
 CA .cer - The CA certificate from the signing authority. You may receive more than one of these files, with various names.
Step 6 Copy all the certificate files from your file resource back to the default repository. For example:

copy ftp\://your.ftp.server/CN.cer disk:defaultRepo

copy ftp\://your.ftp.server/CA.cer disk:defaultRepo

You are now ready to import the certificates into the Prime Infrastructure server, as explained in Importing the Certificate to Prime Infrastructure


**************************************************
Importing the Certificate to Prime Infrastructure
**************************************************

Once you have received and prepared the signed CA certificate (as explained in Generating the Certificate), you must import it to the Prime Infrastructure server. If you are using Prime Infrastructure’s High Availability (HA) features, you will need to import it into both the primary and secondary servers.

Step 1 If you have not already done so, log in to Prime Infrastructure using the command line, as explained in Connecting Via CLI. Do not enter “configure terminal” mode.

Step 2 At the prompt, enter the following command to import the CA certificate file:

ncs key importcacert CA-Alias CA.cer repository defaultRepo

If you have more than one CA certificate file: Repeat this step for each CA cert file.

Step 3 Finally, import the CN.cer file into the server:

ncs key importsignedcert CN.cer repository defaultRepo

Step 4 Restart the Prime Infrastructure server to apply the changes:

ncs stop

ncs start

*************
Verification
*************

Go to online verification of the Certification Authority, try to access the PI with public IP/domain name 

 


- Ashok

************************************************************************************************************

Please rate the useful post or mark as correct answer as it will help others looking for similar information

************************************************************************************************************

0 Helpful

Go to solution
jatshar401
Level 1
Level 1
In response to Ashok Kumar

‎03-21-2015 04:23 AM

thanks ashok for super quick reply :)

this will be good for me , any online guide for it?

0 Helpful

Go to solution
Ashok Kumar
Cisco Employee
Cisco Employee
In response to jatshar401

‎03-21-2015 04:28 AM

Hi,

Below link will help you.

Cisco Prime Infrastructure 2.2 Administrator Guide: Setting Up HTTPS Access to Prime Infrastructure

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/administrator/guide/PIAdminBook/config_server_settings.html#pgfId-1084298


- Ashok

************************************************************************************************************

Please rate the useful post or mark as correct answer as it will help others looking for similar information

************************************************************************************************************

Go to solution
jatshar401
Level 1
Level 1
In response to Ashok Kumar

‎03-21-2015 04:32 AM

thanks ashok, this was real quick.....help

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card