Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
0
Helpful
4
Replies

PCP 11.0: How to create a certificate signing request

Go to solution
ROBERT SCHUKNECHT
Level 5
Level 5

‎08-18-2015 08:39 AM

Hi,

 

i want to install an signed certificate from our internal CA. How can i create a CSR from PCP so i am able to request a certificate from my CA?

 

Kind Regards,

 

Robert

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Anthony Gerbic
Cisco Employee
Cisco Employee

‎08-18-2015 04:18 PM

Robert,

This is what I understand to be the process:

1. Generate private key

    To generate the server private key:

    /opt/cupm/httpd/bin/openssl genrsa -des3 -out server.key 2048

2. To generate the csr:

    /opt/cupm/httpd/bin/openssl req -new -key server.key -out server.csr

3. Give this csr to generate the certificate - -this will be .crt file.


4. Then follow these steps after you have followed the third party CA Procedure

Upload the third party cert
      A. If using a PCP 10.6 or later revision, use the Administration/Updates UI to load the cert.
      B. If using an older PCP revision do the following:
            - Copy the third party certificate and key file to /opt/cupm/httpd folder.
            - Edit the following line in ssl.conf file using vi (located in /opt/cupm/httpd/conf) as follows:

                 SSLCertificateFile /opt/cupm/httpd/<your_own_cert_file>.crt
                          
                 SSLCertificateKeyFile /opt/cupm/httpd/<your_own_key_file>.key
 
            - Save the changes and close the file.

5. Restart the Apache server by using the following commands:

        /opt/cupm/httpd/bin#./apachectl -k stop

        /opt/cupm/httpd/bin# ./apachectl -k start -DSSL

 

vi commands:

  •       navigate up/down with arrows
  •       <i> to get in edit mode
  •       type and paste in text
  •       use <del> to backspace and remove any text
  •       <ESC> to exit edit mode
  •       :wq to save and exit vi

 

Regards

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎08-18-2015 10:27 AM

It should be the same process as for 10.5, if not, simply look for this guide on 11.x

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-5/assurance/addendum/Cisco_Prime_Collaboration_10_5_Assurance_Addendum_for_User_Guides.pdf

HTH

java

if this helps, please rate
0 Helpful

Go to solution
topher1086
Level 4
Level 4
In response to Jaime Valencia

‎08-18-2015 11:45 AM

I tried this on our 11.0 PCP, but no luck.  The guide is talking about Assurance.  This is the Provisioning Manager we're looking at.

Thanks,

0 Helpful

Go to solution
Anthony Gerbic
Cisco Employee
Cisco Employee

‎08-18-2015 04:18 PM

Robert,

This is what I understand to be the process:

1. Generate private key

    To generate the server private key:

    /opt/cupm/httpd/bin/openssl genrsa -des3 -out server.key 2048

2. To generate the csr:

    /opt/cupm/httpd/bin/openssl req -new -key server.key -out server.csr

3. Give this csr to generate the certificate - -this will be .crt file.


4. Then follow these steps after you have followed the third party CA Procedure

Upload the third party cert
      A. If using a PCP 10.6 or later revision, use the Administration/Updates UI to load the cert.
      B. If using an older PCP revision do the following:
            - Copy the third party certificate and key file to /opt/cupm/httpd folder.
            - Edit the following line in ssl.conf file using vi (located in /opt/cupm/httpd/conf) as follows:

                 SSLCertificateFile /opt/cupm/httpd/<your_own_cert_file>.crt
                          
                 SSLCertificateKeyFile /opt/cupm/httpd/<your_own_key_file>.key
 
            - Save the changes and close the file.

5. Restart the Apache server by using the following commands:

        /opt/cupm/httpd/bin#./apachectl -k stop

        /opt/cupm/httpd/bin# ./apachectl -k start -DSSL

 

vi commands:

  •       navigate up/down with arrows
  •       <i> to get in edit mode
  •       type and paste in text
  •       use <del> to backspace and remove any text
  •       <ESC> to exit edit mode
  •       :wq to save and exit vi

 

Regards

0 Helpful

Go to solution
ROBERT SCHUKNECHT
Level 5
Level 5
In response to Anthony Gerbic

‎08-19-2015 02:38 AM

Hi Anthony,

 

thanks for your tip. Altough i am using version 11.0 bullet point 4.A did not work for me. I had to do it as bullet point 4.B describes it.

 

Thanks for your help.

 

Kind Regards,

 

Robert

0 Helpful
Customers Also Viewed These Support Documents