Step 3 Send the CSR file to a Certificate Authority (CA) of your choice.
Note Once you have generated and sent the CSR file for certification, do not use the genkey command again to generate a new key on the same Prime Infrastructure server. If you do, importing the signed certificate file will result in mismatches between keys in the file and on the server.
Step 4 You will receive a signed certificate file with the same filename, but with the file extension CER, from the CA. Before continuing, ensure:
There is only one CER file. In some cases, you may receive chain certificates as individual files. If so, concatenate these files into a single CER file. Any blank lines in the CER file are removed. Step 5 At the command line, copy the CER file to the backup repository. For example:
Step 7 Restart the Prime Infrastructure server by issuing the following commands in this order:
- ncs stop
- ncs start
Step 8 If the Certificate Authority who signed the certificate is not already a trusted CA: Instruct users to add the certificate to their browser trust store when accessing the Prime Infrastructure login page.
Importing a Certificate Authority (CA) Certificate and Key
Step 1 At the command line, log in using the administrator ID and password and enter the following command:
aliasname is a short name given for this CA certificate. ca-cert-filename is the CA certificate file name. repositoryname is the repository name configured in Prime Infrastructure where the ca-cert-filename is hosted. Step 2 To import an RSA key and signed certificate to Prime Infrastructure, enter the following command in admin mode:
key-filename is the RSA private key file name. cert-filename is the certificate file name. repositoryname is the repository name configured in Prime Infrastructure where the key-file and cert-file are hosted. Step 3 Restart the Prime Infrastructure server by issuing the following commands in this order:
Copy the mycert file to the CA and get the CA back. Copy all certificates together for a chain which needs to be imported in the following order:
*Intermediate CA cert *
*Root CA cert *
Additional we need the p7b file from the CA which contains the chain.
ncs key importcacert mycert.cer mycert.cer reporitory myrepo
The restart is necessary before we import the p7b file. Otherwise we might get an
Import p7b file
ncs key importsignedcert mycert.p7b repository myrep
We will be having a deployment that 2 sites have both active and standby WLC.The APs in site 1 will connect to the WLC in site 1 and the APs in site 2 will connect to the WLC in site 2.If both the active and standby wlc is down on site 1, the APs will con...
I have a device N9K-c93180YC-EX and a PI 3.4I add the to N9K-c93180YC-EX to PI 3.4, and the prime said that device unsopported. I check the differents version 3.4, 3.5, 3.6, 3.7 3.8But in no version is it compatible.I it is rare that...
Hi, Stupid question, I need to reinstall MSE one the 3355 Appliance because the whole installation is screwed up. I downloaded the files from Cisco for the CISCO-MSE-L-K9-8-0-150-0-64bit.bin.tar.gz but how to do put this into a bootable format? ...
Hi,Trying to set up a brand new 9130-EWC as a replacement for my Mobility Express network in my home. I power it up, launch the Cisco Catalyst Wireless App, scan the code, and I'm getting the message "Connection to SSID 'CiscoAirProvision-0890' faile...
I don't often use Cisco wireless equipment, but when I have in the past, I have simply set up single APs in autonomous mode. It looks to me as if there are no current Cisco products that can operate like this anymore. The datasheets all speak of using a W...