Cisco IPICS Server Installation and Upgrade Guide, Release 2.1(1)
Installing Cisco IPICS
Downloads: This chapterpdf (PDF - 663.0KB) The complete bookPDF (PDF - 1.34MB) | Feedback

Installing Cisco IPICS

Table Of Contents

Installing Cisco IPICS

Before You Begin

Obtaining the IP Addresses for Your Cisco IPICS System

Preinstallation Checklist

Installing the Cisco IPICS Operating System

Installation Caveats for Cisco MCS 7825 Servers

Installing the Cisco IPICS Operating System Software

Installing the Cisco IPICS Server Software

Performing a Direct Cisco IPICS Server Software Installation

Performing a Remote Cisco IPICS Server Software Installation

Restarting or Shutting Down the Server

Preparing to Use Cisco IPICS

Checking the Installation

Managing Your Licenses and Certificates

Obtaining Your License File

Uploading the Cisco IPICS License Files

Viewing the License Summary Information

Tracking Your License Usage

Managing Time-Bound Licenses

Installing Third Party Certificates On the Cisco IPICS Server

Requesting a Third Party Certificate

Installing a Third Party Certificate

Generating the Cisco IPICS PMC Application Installer


Installing Cisco IPICS


This chapter describes the procedures that you need to follow to install the Cisco IPICS operating system and the Cisco IPICS server software.

This chapter includes the following sections:

Before You Begin

Installing the Cisco IPICS Operating System

Installing the Cisco IPICS Server Software

Restarting or Shutting Down the Server

Preparing to Use Cisco IPICS

Before You Begin

This section describes the activities that you must follow to prepare for the Cisco IPICS operating system and server installations and includes the following topics:

Obtaining the IP Addresses for Your Cisco IPICS System

Preinstallation Checklist

Obtaining the IP Addresses for Your Cisco IPICS System

To facilitate communications between your users, your Cisco IPICS system requires a pool of IP addresses that can be reached by all users in your network domain.

The Cisco IPICS server requires a static, local IP address that is advertised on the network. Cisco IPICS end points, such as the PMC or Cisco Unified IP Phone, must have the static address of the Cisco IPICS server to maintain communications.

Because Cisco IPICS converts analog push-to-talk (PTT) radio traffic to IP traffic, each radio channel gets mapped to an IP multicast address. Similarly, in hoot'n'holler systems, each talk group gets mapped to an IP multicast address. Users on IP-connected devices, such as the PMC, can participate in these channels by connecting via a multicast IP address or by using a unicast remote connection through the Session Initiation Protocol (SIP).

Cisco IPICS requires a multicast address for each of the following activities:

Creating a PTT channel

Creating a talk group in a hoot'n'holler system

Activating a virtual talk group (VTG)

Connecting a dial user into a channel or VTG

For ease of allocating IP addresses, it is helpful to obtain a subnet of IP addresses from which you can configure the devices that are part of that subnet.

Cisco IPICS also requires an IP address for the loopback interface for the router media service (RMS). A loopback interface consists of two T1/E1 interfaces on the RMS that are connected by a short cable called a loopback cable. A loopback interface is used for voice signaling and media for any SIP-based connections with Cisco IPICS.


Note Cisco recommends that you specifically configure the Loopback0 interface when there is more than one IP path to the RMS. However, you may configure an interface other than Loopback0 if specific criteria are met. For details about this criteria, refer to the "Configuring the Cisco IPICS RMS Component" appendix in the Cisco IPICS Server Administration Guide, Release 2.1(1).


Consult your network administrator to obtain IP addresses for the Cisco IPICS system, channels, VTGs, and the RMS.

For information about configuring and using IP addresses with Cisco IPICS, and for more information about the RMS, refer to the "Configuring the Cisco IPICS RMS Component" appendix in the Cisco IPICS Server Administration Guide, Release 2.1(1).

Preinstallation Checklist

Before you begin the installation, make sure that you perform the following tasks:

Preinstallation Tasks 
Checkoff

Check that you have both CDs from the Cisco IPICS installation package.

Check that the power cords on your server and monitor are securely attached and plugged in to a power source.

Attach an Ethernet network cable to the Ethernet 0 (eth0) port on your server.

Note You must connect your network cable to the eth0 interface on your server. Generally, for servers that label their Ethernet interfaces as NIC 1 and NIC 2, connect the Ethernet cable to the NIC 1 interface; this interface is usually the eth0 interface. For servers that label their Ethernet interfaces as 1 and 2, consult the product documentation that you received with your server to determine how the server labels its interfaces. In all cases, it is a good practice to verify the location of the eth0 interface on your specific server before you proceed.

Make sure that you have at least 160 GB of hard disk space available in your Cisco IPICS server.

Cisco strongly recommends that you attach an uninterruptible power supply (UPS) to your system and ensure that the UPS is operating correctly.

Check that your monitor cable connector is appropriate for the connector on the server. Video Graphics Array (VGA) analog and VGA digital are common connector types but are not compatible with each other without the proper adapter.

Before you begin the installation process, check the power settings on your monitor to make sure that the display is not configured with any timeout values.

Note If your display times out while you are performing the installation and you can no longer see the progress on your monitor, move your mouse to restore the display. Make sure that you do not press any keys on the keyboard in an effort to restore your display. Pressing keys without being able to view the information that displays on your monitor can cause undesirable results.

Ensure that you have obtained the IP address, subnet mask, default gateway, and DNS server (optional) information for the Cisco IPICS server from your network administrator.

Check that you have obtained the Media Access Control (MAC) address for the eth0 interface of the Cisco IPICS server. Cisco IPICS uses the MAC address of the server to validate the Cisco IPICS license. For information about how to obtain the MAC address, see Step 30 in the "Installing the Cisco IPICS Operating System Software" section.

Note In a system with multiple network interface cards (NICs), Cisco IPICS always uses the eth0 MAC address to validate the license, even if eth0 is disabled.

If your network uses the Network Time Protocol (NTP), obtain the IP address or DNS name of the NTP server.

Note You can configure NTP when you install the Cisco IPICS operating system software, or you can configure NTP after you install the Cisco IPICS software by using the ntpsetup command. For information about the ntpsetup command, refer to the "Configuring NTP on the Cisco IPICS Server with the ntpsetup Tool" section in the "Using the Cisco IPICS CLI Tools and Service Commands" chapter in the Cisco IPICS Troubleshooting Guide, Release 2.1(1).

You can install a third party certificate to replace the Cisco IPICS self-signed certificate. For more information about installing third party certificates, see the "Installing Third Party Certificates On the Cisco IPICS Server" section. A third-party certificate is not required for use with Cisco IPICS.


To ensure the functionality of Cisco IPICS, you should also perform the following tasks either before or after you install Cisco IPICS:

Tasks
Checkoff

Ensure that you have obtained multicast IP addresses for channels and VTGs. (If you do not have access to this information, contact your system administrator.)

Check to make sure that the T1/E1 interfaces on the RMS are connected via a loopback cable. This cable is a short-length crossover cable with the following pinouts: 1-4, 2-5, 4-1, 5-2. One end of the cable is attached to each of the RJ-45 connectors on the T1/E1 interfaces for the RMS device. The connected interfaces are used for voice signaling and media for any SIP-based connections with Cisco IPICS. If you do not have a crossover cable, contact your authorized Cisco support representative for assistance to obtain one.

Ensure that you have obtained an address for the RMS interfaces that are connected by a loopback cable. (If you do not have access to this information, contact your system administrator.)


If you use the Cisco IPICS dial engine, which controls dial-in and dial-out functionality, ensure that you complete the following tasks before you use the dial engine:

Tasks
Checkoff

Ensure that you have the IP address, SIP listening port, and preferred transport type of your SIP provider. Support for SIP-based dial functionality is provided via Cisco Unified Communications Manager or a Cisco router that runs a supported version of Cisco IOS and Cisco Unified Communications Manager Express as the SIP provider. The policy engine requires that a SIP provider be configured in the customer network.

For information about configuring a SIP provider, refer to the Cisco IPICS Server Administration Guide, Release 2.1(1).

If your SIP provider is Cisco Unified Communications Manager, determine the authentication credentials that Cisco IPICS uses when it initiates a call into Cisco Unified Communications Manager. Authentication is not required with Cisco Unified Communications Manager Express.

Be sure that your SIP provider uses a supported version of Cisco Unified Communications Manager, Cisco IOS, and/or Cisco Unified Communications Manager Express. Refer to the Cisco IPICS Compatibility Matrix for the most updated list of supported hardware and software for use with Cisco IPICS.

Determine how your Cisco IPICS system fits into the dial plan of your SIP provider. For example, determine the range of directory numbers (DNs) that must be routed from the SIP provider to the Cisco IPICS system.


Installing the Cisco IPICS Operating System

This section describes the steps that you need to follow to install the Cisco IPICS operating system. This section includes the following topics:

Installation Caveats for Cisco MCS 7825 Servers

Installing the Cisco IPICS Operating System Software

Installation Caveats for Cisco MCS 7825 Servers

Be aware of the following caveats when you install the Cisco IPICS operating system on Cisco MCS 7825 servers:

Cisco IPICS does not support a Redundant Array of Disks (RAID) on Cisco MCS 7825 servers. If RAID is enabled on your Cisco MCS 7825 server, make sure that you disable it before you install the operating system.

When you install the Cisco IPICS operating system on Cisco MCS 7825-H1 and Cisco MCS 7825-H2 servers, you must disable both the Serial ATA (SATA) controller option and the Virtual Install Disk option to disable RAID. You do not need to take this action when you install the operating system on Cisco MCS 7845 servers because Cisco IPICS supports RAID on these servers.

To disable RAID, the Serial ATA controller option and the Virtual Install Disk option, follow Step 3 in the procedure that is documented in the "Installing the Cisco IPICS Operating System Software" section.

Installing the Cisco IPICS Operating System Software

To install the Cisco IPICS operating system software, perform the following procedure.

Procedure


Step 1 Turn the server on by pushing the power button that is located on the front panel of the server.

Step 2 Place the Cisco IPICS operating system installation CD into the server disk drive.

The system begins to boot.

If you are installing the Cisco IPICS operating system on a Cisco MCS 7825-H1 or Cisco MCS 7825-H2 server, you must disable the embedded SATA software RAID and the Virtual Install Disk option.

Continue to Step 3 for the steps to disable these features on these model servers.


Note If you are installing Cisco IPICS on another Cisco MCS 7825 server, consult the product documentation that you received with your server to determine if RAID is enabled and the steps that you perform to disable it.


If you are installing the Cisco IPICS operating system on a Cisco MCS 7845 server, you do not have to disable these features and can proceed to Step 5.

Step 3 Enter the System Maintenance menu by following these steps:

a. Listen closely to the sounds that you hear from the server and watch your monitor as the server boots.

b. When you hear the server beep and see the message, "Press F10 key to enter System Maintenance Menu," press F10.

The System Maintenance menu displays with the following choices:

Setup Utility—This menu provides access to configuration utilities from which you can change settings for server components, such as the embedded SATA software RAID and the Virtual Install Disk.

Inspect Utility—This menu provides access to statistical information about the server and its components, such as PCI Device Info and a System Memory Map.

Diagnostic Utility—This menu includes utilities that you can use to perform diagnostic tests on the server, such as a memory test or a CPU test.

Step 4 Enter the Setup Utility by choosing Setup Utility from the System Maintenance menu; then, press Enter.

The Setup Utility displays.

a. From the Setup Utility menu, press the Down Arrow key to highlight Advanced Options; then, press Enter.

The Advanced Options menu displays.

b. Press the Down Arrow key to highlight Virtual Install Disk.

When you highlight Virtual Install Disk, the current status displays below the menu.

c. Perform one of the following actions, depending on the status of the Virtual Install Disk:

If the status displays as Disabled, go to Step e.

If the status displays as Enabled, change the Configuration Selection. To change the selection, press Enter to open the menu; then, press the Down Arrow key to select and highlight Disabled.

d. Press Enter to confirm your choice.

The Virtual Install Disk setting displays as Disabled.

e. From the Advanced Options Menu, press the Down Arrow key to select and highlight either Embedded SATA RAID or Sata Software Raid (the wording of the SATA RAID option differs depending on your server hardware).

The current status displays below the menu.

f. If the status displays as Disabled, go to Step h.

If the Embedded SATA RAID or Sata Software Raid status displays as Enabled, press Enter to open the menu; then, press the Down Arrow key to select and highlight Disabled.

g. Press Enter to confirm your choice.

h. Press Esc twice to close the menus and exit the utility.

i. Press the F10 key to confirm that you want to exit and save your changes.


Note If you press any other key besides F10, the system returns to the Setup Utility Main menu. In this case, you must repeat the Setup Utility steps that begin with Step 4.


The server begins to boot from the CD. This time, when the system beeps, let it continue to boot from the CD.

The Cisco IPICS operating system installation displays the CD version of the Cisco IPICS operating system and the option to overwrite the hard drive.

Step 5 To overwrite the hard drive and install the Cisco IPICS operating system files, perform these steps:

a. When the system prompts you to overwrite the hard drive, enter Y; then, press Enter.


Note Do not press any keys, including the SysRq key, during the installation. Pressing the SysRq key causes a kernel panic condition on your server, which requires a hard reboot to fix.


The Cisco IPICS operating system Installation Progress window displays the progress of the installation. The operating system installer formats the file system and installs the software packages.


Note After the package installation completes, the window may appear unresponsive or the screen may become blank. Wait while the system completes the background security processes.


The server ejects the installation CD and the Installation Complete window displays.

b. Remove the CD from the drive.


Note Keep your installation CD in a safe location in the event that you need to reinstall the operating system.


c. To view the technical information that relates to this release of the Cisco IPICS operating system, click Release Notes or press Alt+R.


Note If your mouse begins to move erratically across your display, it may be due to the operating system loading an incorrect driver for your mouse. If you encounter this situation and it affects your ability to navigate with your mouse, use the keyboard shortcuts to perform Step c through Step e.


Although the status window indicates that the installation is complete, you must complete several more tasks before you can install the Cisco IPICS server software. Make sure that you perform the remaining steps in this procedure to complete the Cisco IPICS operating system configuration.

d. To close the window for the Release Notes, click X or press Alt+C.

The Release Notes window closes.

e. To close the window and reboot the server, click Exit or press Alt+E.

The server reboots.

During the bootup process, a GRUB window displays with the Cisco IPICS software installation highlighted.

Step 6 After the GRUB window displays, press Enter to continue with the boot process. Alternatively, you can take no action and let the window time out.

One of the following windows displays:

The system displays the window for the Kudzu hardware detection utility. This utility detects, and allows you to configure, new hardware during the Cisco IPICS operating system installation.

The system displays the Welcome window. You enter network configuration information for Cisco IPICS in the series of windows that follow the Welcome window.

Step 7 If the Kudzu hardware detection utility window displays, press any key.


Note You must press a key within 3,600 seconds (one hour) or the Kudzu window times out. If the Kudzu window times out, you must rerun the Kudzu hardware detection utility after you complete the initial installation process. See the "Cisco IPICS Cannot Detect the NIC During Installation" section on page 5-2 for more information about how to rerun the Kudzu hardware detection utility.


Step 8 Perform the following steps, depending on the window that the system displays:


Note The installer may display different windows depending on the hardware platform that you use. The first time that the installer prompts you to configure the eth0 interface, you must choose the Dynamic Host Configuration Protocol (DHCP), as described in Step 10. This step is required to ensure that the appropriate driver is installed. Then, you must overwrite the DHCP configuration with a static IP address for the eth0 interface, as described in Step 19. If the installer prompts you to configure the eth1 interface, make sure that you choose the Ignore the device option. Cisco IPICS does not support the use of the eth1 interface.


If a window displays to indicate that the system added a NIC, continue with Step 9 to configure the eth0 interface.


Note You must configure the eth0 interface to enable network connectivity to the server.


If a window displays to indicate that the system detected either an Intel SATA controller or an Intel IDE controller, proceed to Step 14.

If the Welcome window displays, proceed to Step 15.

Step 9 Press Enter to choose the Configure option from the following list of options:

Configure— Choose this option to configure the NIC that controls the eth0 interface. This option specifies the default.

Ignore the device—Choose this option if you do not have hardware that needs to be added to the server.

Do nothing—Choose this option if you do not want to configure the hardware. If you reboot the server, the hardware configuration utility detects the hardware as being newly installed, and the server prompts you to configure it.

The Cisco IPICS operating system configuration program displays the interface configuration window.

Step 10 Press the Spacebar to choose Use dynamic IP/configuration (BOOTP/DHCP).

An asterisk displays in the check box area to indicate that you have chosen to use DHCP.


Note This step allows the Cisco IPICS operating system to detect the NIC that controls the eth0 interface on your server and install the appropriate driver for the interface. Cisco IPICS does not use DHCP. You must use a static IP address to configure your Cisco IPICS server for network connectivity. You perform the static IP configuration steps in the Network Setup window as described in Step 19.


Step 11 Press Tab or use the left and right arrows to choose OK.

Step 12 To accept your choice, press Enter.

Step 13 If the operating system configuration program displays a second window that indicates that the Cisco IPICS operating system detected another NIC, perform the following actions to ignore the configuration for the eth1 interface:

a. Press Tab to choose Ignore.

b. Press Enter to confirm.


Note Make sure that you do not configure the eth1 interface. Cisco IPICS does not support the configuration of the eth1 interface.


The Cisco IPICS operating system configuration program continues without configuring the eth1 interface, and displays a window indicating that it detected an Intel controller.

Step 14 If the system displays a window to indicate that it detected either an Intel SATA controller or an Intel IDE controller, press Enter to accept the Configure option and configure the controller.

The system automatically configures the controller.

A Cisco IPICS operating system Welcome window displays.

Step 15 At the Welcome window, click Next.

The Root Password window displays.

Step 16 Enter a password for the root user.

The root user has access to all the files in the Cisco IPICS server. Cisco IPICS requires that you use strong passwords that contain at least eight characters and include the following elements:

At least one lower case letter

At least one upper case letter

At least one number

At least one of the following special characters:

@ [ ] ^ _ ` ! " # $ % & ' ( ) * + , - . / : ; { < | = } > ~ ?


Note If you need to change the root password at a later date, you can log in to the Cisco IPICS server as the root user and change it by using the reset_pw command. For more information, refer to the "Resetting, Changing, or Creating a Password With the reset_pw Tool" section of the "Using the Cisco IPICS CLI Tools and Service Commands" chapter in the Cisco IPICS Troubleshooting Guide, Release 2.1(1).


Step 17 Reenter the password and click Next.

The Network Setup window displays.

Cisco IPICS prompts you to enter the DNS server information.

Step 18 In the DNS Information area in the Network Setup window, enter the Primary and Secondary DNS (if any) and the domain name of your server in the specified fields.

Step 19 In the Ethernet Port 1 (device eth0) area, enter the host name, IP address, subnet mask, and default gateway for your server in the specified fields.

Step 20 Click Next.

The Timezone window displays.

Step 21 Choose the correct time zone for your area from the choices in the selection list.

If your system clock uses Universal Coordinated Time (UTC), make sure that you check the System Clock uses UTC check box.

Step 22 Click Next.

The Date and Time window displays.

Step 23 Perform one of the following actions to set the system date and time:

If your network uses the Network Time Protocol (NTP), check the Enable Network Time Protocol check box; then, enter the name or IP address of your NTP server in the Server field.


Note If you configure NTP on the server, the system administrator should provide instructions to the PMC users to also configure the Windows Time Service on their PMC client machines to enable synchronization between the PMC and the server logs. For detailed information about how to configure the Windows Time Service, refer to the Microsoft support site at http://support.microsoft.com/ and search for Article ID 307897.

If you install a time-bound license for your system, use caution when enabling NTP. Adjustments to the system date can cause Cisco IPICS to invalidate your license. For more information, see the "Managing Time-Bound Licenses" section.


If your network does not use NTP, enter the current date and time in the appropriate fields.

Step 24 Click Next.

The Finish Setup window displays.

Step 25 Click Next.

The system processes an internal check list as it boots up. After the system has booted up, Cisco IPICS displays the following text:

Cisco IPICS

hostname login:

where:

hostname represents the host name that you specified in Step 19.

Step 26 Enter root in the hostname login: field; then, press Enter.

Cisco IPICS prompts you for the password for the root user.

Step 27 Enter the password that you created for the root user in Step 16; then, press Enter.

Step 28 To verify network connectivity, enter the following command:

[root]# ping <destination-ip-address>

where:

<destination-ip-address> represents the default gateway address or an IP address of another host on the network.

Step 29 Press Ctrl+C to stop the ping.

If the ping is not successful, troubleshoot the network connectivity with your network administrator.

Step 30 Locate the hardware MAC address for the eth0 interface by following these steps:

a. To display the MAC address of the eth0 interface, enter the following command:

[root]# ifconfig eth0

b. Note the HWaddr field in the command output.

The HWaddr field contains the MAC address for the eth0 interface.

c. Make a note of the MAC address information for the eth0 interface so that you can use it to obtain your license for Cisco IPICS.

d. To log out of the server, enter the following command:

[root]# exit


The Cisco IPICS operating system installation is now complete. You can continue with the installation of the Cisco IPICS server software. If you do not want to install Cisco IPICS immediately, you can resume the installation at a later time.

To install the Cisco IPICS server software, see the "Installing the Cisco IPICS Server Software" section.

Installing the Cisco IPICS Server Software

After you have successfully installed the Cisco IPICS operating system, you can install the Cisco IPICS server software by using one of the following methods:

Directly by using the installation CD at the Cisco IPICS server.

Remotely by copying the installer file to the server and entering remote commands.

The Cisco IPICS server installation program uses a text-based interface and does not provide support for a graphical user interface (GUI). This installation procedure allows you to choose from the following install options:

Install—This option installs the Cisco IPICS server software, including Cisco Security Agent (CSA).

Upgrade—This option upgrades your server from a previous version of Cisco IPICS. For information about performing an upgrade of the Cisco IPICS server software, see Chapter 3, "Upgrading Cisco IPICS."


Note Be aware that the options that the installer displays may differ depending on the current software version that is running on your system.


This section includes the following topics:

Performing a Direct Cisco IPICS Server Software Installation

Performing a Remote Cisco IPICS Server Software Installation

Performing a Direct Cisco IPICS Server Software Installation

If you have physical access to the Cisco IPICS server, you can install the server software directly from the server. To do so, you must have the Cisco IPICS installation CD that is included with your product package.


Note Be aware that you must log in as the root user to perform the Cisco IPICS installation. If you attempt to run the installation from any other user ID, the installation returns an error and exits.



Tip To terminate the installation process at any point in time, press Ctrl+C.


To install the Cisco IPICS server software directly from the server location, perform the following procedure:

Procedure


Step 1 Enter root in the hostname login: field in the terminal console; then, press Enter.

Cisco IPICS prompts you for the password for the root user.

Step 2 Enter the password that you created for the root user in Step 16 in the "Installing the Cisco IPICS Operating System Software" section; then, press Enter.

The Cisco IPICS operating system logs you in as the root user.

Step 3 Enter the free command and read the information that displays in the total column to check the total amount of installed memory.

The Cisco IPICS installation requires a minimum of 2 GB of memory.

The following example shows that there is a minimum of 2 GB of total memory in the server:

[root]# free
       total       used       free     shared    buffers     cached
Mem: 2055340     881152    1174188          0      25520     389028
-/+ buffers/cache:     466604    1588736
Swap:      2048248          0    2048248

If your server does not have sufficient memory, contact your Cisco representative to find out how you can purchase additional memory. Refer to the Cisco IPICS Compatibility Matrix for specific memory requirements.

Step 4 Insert the Cisco IPICS installation CD into the CD drive of the Cisco IPICS server.

Step 5 Mount the contents of the CD onto the server by entering the following command:

[root]# mount /mnt/cdrom

Step 6 To navigate to the CD location, enter the following command:

[root]# cd /mnt/cdrom

Step 7 To view the installer file, enter the following command:

[root]# ls -l

The directory of the CD displays.

Step 8 Locate the installer file in the directory listing.

The Cisco IPICS installer file has a .run file extension.

Step 9 To start the installation, enter the following command:

[root]# bash <installerfilename>.run

where:

<installerfilename>.run specifies the name of the installer file that you located in Step 7.

Cisco IPICS begins the installation process.

Text displays to inform you that you must read and accept the terms of the End User License Agreement (EULA) before you can proceed.

Step 10 Press Enter to display the EULA.

The Cisco IPICS installer displays the EULA.

Step 11 Press the Spacebar to scroll through and view the EULA. To accept the terms of the EULA, enter y or yes to continue with the installation.

You must accept the terms of the EULA to proceed.


Note To terminate the installation while the EULA is being displayed, press Ctrl+C. The installation terminates after the installation program displays the entire EULA. Press q to bypass the EULA and terminate the installation process.


The installation program prompts you to enter a password for the ipics user. The ipics user has the capability to perform all administration-related tasks via the Cisco IPICS Administration Console.

Step 12 Enter a password for the ipics user in the password field.

To ensure a strong password, use a password that is at least eight characters long and contains at least one of each of the following characters:

One lower case letter

One upper case letter

One number

One of the following special characters:

@ [ ] ^ _ ` ! " # $ % & ' ( ) * + , - . / : ; { < | = } > ~ ?


Note The installation program also creates a password for the informix Linux user by using a random algorithm. The informix user has full administrative permission to the Informix database instance and belongs to the ipics and informix linux groups. The ipics linux group includes permission to Cisco IPICS application-related folders, files, and scripts. The informix linux group includes full permission to the Cisco IPICS database server folders, files, and scripts. The password for this user ID never expires.


Step 13 Reenter the password; then, press Enter.

The installation program prompts you to enter a password for the Cisco IPICS ipicsadmin (administrative) Linux user. That ipicsadmin user belongs to the ipics linux group. In addition, the ipicsadmin user has permission to read and write data from and/or to the Informix database.

Step 14 Enter a password in the password field to create the ipicsadmin user password.

To ensure a strong password, use a password that is at least eight characters long and contains at least one of each of the following characters:

One lower case letter

One upper case letter

One number

One of the following special characters:

@ [ ] ^ _ ` ! " # $ % & ' ( ) * + , - . / : ; { < | = } > ~ ?


Note The password for the ipicsadmin user never expires.


Step 15 To begin the installation process, enter y or yes.

The Cisco IPICS software begins the installation process.

A progress bar displays to indicate the percentage of the installation that has completed.

Step 16 After the file installation completes, a message displays to inform you of the status.

The following text is an example of the message that you might see when the installation has successfully completed.

"The installation has completed successfully."

        You can view the installation log file by navigating
        to the following directory:
            
"/var/opt/CSCOipics/run/20061018092707/ipics-install-log.txt"

        To complete the installation, you must reboot your server.
Do you want to reboot now? (YES/NO): [YES]

Step 17 Enter YES to reboot your server.

The server reboots and your Cisco IPICS server becomes available.


Note If you enter NO, complete the restart before you attempt to log in to Cisco IPICS. Cisco IPICS processes, such as the tomcat service and database server, do not start until you reboot the server.

To reboot your server at a later time, follow the procedure in the "Restarting or Shutting Down the Server" section.


Performing a Remote Cisco IPICS Server Software Installation

This section describes the procedure that you can follow to install Cisco IPICS from a PC that is remotely connected to the network.

To install the Cisco IPICS server software from a remote location, perform the following procedure:

Procedure


Step 1 Transfer the installer file from the Cisco IPICS installation CD to the Cisco IPICS server. To do so, perform one of the following tasks:

Place the CD (or have someone place it for you) in the Cisco IPICS server and copy the installer file to the server. Follow the steps that are documented in Step 2 to perform this procedure.

Place the CD in a PC and transfer the installer file to the Cisco IPICS server by using a File Transfer Protocol (FTP) client software program, such as Secure Shell (SSH) Client software (or similar software). Follow the steps that are documented in Step 3 to perform this procedure.

Step 2 To copy the installer file from the CD, perform the following steps:

a. Insert the Cisco IPICS installation CD in the server disk drive.

b. Choose Start > Programs > SSH Secure Shell > Secure Shell Client to remotely connect to the Cisco IPICS server.


Note The SSH idle timeout value is 120 minutes (two hours). Therefore, make sure that you do not leave an SSH remotely-connected session inactive for more than two hours; otherwise, the session times out.



Tip If you do not have Secure Shell Client installed on your PC, use another secure client program.


c. Click Quick Connect to connect to the Cisco IPICS server.

The Connect to Remote Host window displays.

d. In the Host field, enter the DNS host name or the IP address for your Cisco IPICS server; then, press the Tab key.

e. In the User Name field, enter root.

f. Click Connect.

The Enter Password window displays.

g. Enter the password for the root user and click OK.

The SSH Secure Shell Client software window displays.

h. Mount the contents of the CD onto the server by entering the following command:

[root]# mount /mnt/cdrom


Note During the installation process, error messages, such as cdrom_decode_error, may display when you access the CD. You can ignore these messages, as they do not affect the installation or operation of the Cisco IPICS server.


i. Navigate to the cdrom subfolder in the CD location by entering the following command:

[root]# cd /mnt/cdrom

j. To view the installer file, enter the following command:

[root]# ls -l

The directory of the CD displays.

k. Locate the installer file in the directory listing.

The Cisco IPICS installer file has a .run file extension.

l. Copy the installer file to the /root directory by entering the following command:

[root]# cp /mnt/cdrom/<installerfilename>.run /root

where:

<installerfilename>.run represents the name of the .run file that was displayed in Step j.

The installer file copies from the CD to the /root directory.

m. Navigate from the /mnt/cdrom directory to an internal directory on your server by entering the following command:

[root]# cd <serverdirectory>

where:

<serverdirectory> is any internal directory or subdirectory on your server.

n. To unmount the installation CD and eject it from the disk drive, enter the following command:

[root]# eject


Note Be aware that you must navigate away from the /mnt/cdrom directory and enter the eject command to unmount the contents of the CD and eject the CD from the server. If you try to eject the CD by pushing the eject button on the server, the CD will not eject.


Step 3 To transfer the file to the server from a remote location, follow these steps:

a. Insert the Cisco IPICS installation CD in the CD drive of your PC.

b. Choose Start > Programs > SSH Secure Shell > Secure File Transfer Client to open the Secure File Transfer Client.


Note If you do not have Secure File Transfer Client installed on your PC, use another program that permits a secure file transfer session between your PC and the server.


The SSH Secure Shell File Transfer Client window displays. The desktop of your PC displays in the left pane.

c. Click Quick Connect to connect to the Cisco IPICS server.

The Connect to Remote Host window displays.

d. In the Host field, enter the DNS host name or the IP address for your Cisco IPICS server. Then, press the Tab key.

e. In the User Name field, enter root.

f. Click Connect.

The Enter Password window displays.

g. Enter the password for the root user and click OK.

The SSH Secure Shell File Transfer Client connects to the Cisco IPICS server and displays the contents of the /root directory in the right pane of the window.

h. In the left pane of the window, navigate to the folder on your PC that corresponds to the location of the Cisco IPICS installation CD (for example, My Computer\Compact Disk Z:).

i. Double-click the CD folder to browse the contents of the CD.

The contents of the CD displays.

j. Double-click the cdrom subfolder to browse its contents.

k. Locate the installer file in the cdrom subfolder on the CD.

The installer file has an extension of .run.

l. Drag the installer file from the left pane of the window to the right pane to initiate the copy procedure.

A progress window displays while the file copies to the /root directory of the server. After the copy procedure completes, the installer file displays in the right pane.

m. Close the SSH Secure Shell File Transfer Client.

Step 4 Open a terminal window to the Cisco IPICS server by using SSH Secure Shell Client software or similar software.

Step 5 In the User Name field, enter root.

Step 6 Click Connect.

The Enter Password window displays.

Step 7 Enter the password for the root user and click OK.

The SSH Secure Shell Client software window displays.

Step 8 To view the installer file, enter the following command:

[root]# ls -l

The contents of the /root directory display.

Step 9 Locate the installer file in the directory listing.

The Cisco IPICS installer file has a .run file extension.

Step 10 Change the access mode of the installer file by entering the following command:

[root]# chmod 550 <installerfilename>.run

where:

<installerfilename>.run represents the name of the installer file.


Note Entering this command allows the root user ID to read and run the installer file.


Step 11 To run the installer from a SSH Secure Shell Client software (or similar software) window, follow the procedure as described in the "Performing a Direct Cisco IPICS Server Software Installation" section, starting with Step 9.


Restarting or Shutting Down the Server

To restart the server, perform the following procedure:


Caution Be aware that when you shut down or restart your server, all user communications terminate. In addition, Cisco IPICS logs out all users who are logged in to the Administration Console. Therefore, make sure that you only shut down or restart your server during a maintenance window or other period of system non-use.

Procedure


Step 1 Log in to the Cisco IPICS server with the root user ID by taking one of the following actions:

To log in to the server from the server console, follow these steps:

a. Log in to the server by entering root for the user name.

b. When you are prompted, enter the root user password.

To log in to the server remotely, follow these steps:

a. Open a terminal window by using SSH Secure Shell Client software or similar software.

b. Log in to the server by entering the IP address or host name of the server.

c. Log in by using the root user ID by entering root for the user name.

d. When you are prompted, enter the root user password.

A terminal window displays.

Step 2 To reboot the server, enter the following command:

[root]# reboot

The server reboots.


To shut down the server, perform the following procedure.


Note Cisco recommends that you gracefully shut down the server by performing the following procedure in lieu of pressing the power button to shut down the server.


Procedure


Step 1 Log in to the Cisco IPICS server with the root user ID.

A terminal window displays.

Step 2 To shut down the running processes in the server, enter the following command:

[root]# shutdown -h <time>

where:

<time> is the time, in seconds, that the shutdown script delays before it begins.


Tip To immediately shut down the running processes, enter the following command:

[root]# shutdown -h now


The server terminates its running processes. If you are directly connected to the server, the console displays messages as each process terminates.

Step 3 Wait until the shutdown script completes; then, turn the server off by pushing the power button that is located on the front panel of the server.

Before you turn off the server, verify that the shutdown script has completed by performing one of the following actions:

If you are directly connected to the server by a console connection, wait until the following text displays:

Power down.

If you are remotely connected to the server, wait approximately five minutes to allow all processes to safely terminate.


Note You must manually turn off the server at the server location. You cannot turn off the server by entering CLI commands.


The server shuts down.


Preparing to Use Cisco IPICS

After you complete the software installation, you must complete the following tasks before you can use Cisco IPICS:

Checking the Installation

Managing Your Licenses and Certificates

Viewing the License Summary Information

Installing Third Party Certificates On the Cisco IPICS Server

Generating the Cisco IPICS PMC Application Installer

For more information about Cisco IPICS administration and configuration tasks, refer to the Cisco IPICS Server Administration Guide, Release 2.1(1).

Checking the Installation

Upon completion of the Cisco IPICS server software installation, you should be able to access the Cisco IPICS Administration Console by logging in via a supported browser. You can access the Administration Console from any computer that meets these requirements:

Has IP connectivity to the Cisco IPICS server

Running either of these operating systems:

Windows 2000 SP4 or higher

Windows XP SP2 or higher

Running Internet Explorer version 6.0.2


Note There may be a delay of a few minutes before users can access the Administration Console after the Cisco IPICS server restarts.


To access the Cisco IPICS Administration Console and check the installation, perform the following procedure:

Procedure


Step 1 Open a supported Internet browser window on your PC.

Step 2 In the Address field, enter an HTTP over Secure Socket Layer (HTTPS) URL that contains either the static IP address or the DNS name that you established for your Cisco IPICS server in the "Installing the Cisco IPICS Operating System" section.

Enter the URL in the following format:

https://<ipaddress> | <dnsname>

where:

<ipaddress> is the IP address of the server and <dnsname> is the host name that you configured for the server.

A Security Alert window displays.


Note The Security Alert window displays because Cisco IPICS ships with a self-signed certificate that is not issued by a Certificate Authority (CA). If you prefer to replace the self-signed certificate with a third party certificate that has been issued by a CA, follow the procedure in the "Installing Third Party Certificates On the Cisco IPICS Server" section.


Step 3 Click Yes to close the window and access the login screen.

Step 4 Log in by using the ipics user ID and password.


Note The ipics user ID is the application-level user ID that can perform all administration-related tasks by using the Administration Console.


The Administration > License Management window displays with a message that informs you to upload a license file before you can use the system.


To obtain your license file, see the "Obtaining Your License File" section.

If you are not able to access Cisco IPICS from your browser, see the "You Cannot Connect to the Server By Using Your Browser" section on page 5-10.

Managing Your Licenses and Certificates

After you install Cisco IPICS, you can log in to the Administration Console, but you will not be able to use any features until you upload the license file. You use the Product Authorization Key (PAK) that was included in your Cisco IPICS product package to obtain a license file.

The license that you purchased is based on the total number of the following licensable features:

The concurrent number of land mobile radio (LMR) ports

The concurrent number of multicast ports

The concurrent number of PMC users

The concurrent number of IP phone users

The concurrent number of dial users

The total number of ops views


Note To enable the policy engine for use, you are required to obtain a separate license.


The total number of LMR and multicast ports, PMC, IP phone, and dial users, and ops views cannot exceed the number that is specified in the license or licenses that you purchased. If you require additional licenses, contact your Cisco representative.

This section includes the following topics:

Obtaining Your License File

Uploading the Cisco IPICS License Files

Obtaining Your License File

Your Cisco IPICS product package includes a Software License Claim Certificate that contains a PAK, which is uniquely created from your sales order. You use this key to obtain licenses for your Cisco IPICS installation.

You can order your initial licenses any time after you begin the installation process.


Caution If you are upgrading from Cisco IPICS release 1.0, your current license is not compatible with Cisco IPICS release 2.1(1). Contact your authorized Cisco representative to obtain new licenses for Cisco IPICS release 2.1(1). If you are upgrading from release 2.0(2), you may use your current license(s), which are valid for use with Cisco IPICS release 2.1(1).

To use your PAK to obtain your Cisco IPICS licenses, perform the following procedure:

Procedure


Step 1 Locate your Software License Claim Certificate that was included in your Cisco IPICS product package. Look for the PAK at the bottom of this certificate.


Note If you ordered your Cisco IPICS server software directly from Cisco, your package may include only one PAK. However, if you purchased Cisco IPICS through a distributor or reseller, you should have several individual packages, each with its own PAK. In this case, you must process all of your PAKs individually. Cisco sends you a license file for each one.


Step 2 Retrieve the MAC address that you noted during the Cisco IPICS operating system installation.

If you misplaced the MAC address, complete Step 30 in the "Installing the Cisco IPICS Operating System Software" section to obtain it.

Step 3 Order a license by accessing Cisco.com at the following URL:

http://www.cisco.com/go/license

You must have a valid Cisco.com user ID and password before you can access this URL.

After you process your license order, Cisco.com sends you an e-mail with the license file as an attachment. If you processed several separate PAKs, Cisco.com sends you several e-mail responses with a license file attached to each one. When you upload these files, Cisco IPICS adds the licenses from each file and monitors your system activity based on the aggregated license files.

Step 4 Save the license file to your PC by performing the following steps:

a. Open the e-mail that contains the license file attachment.

b. Right-click the license file attachment in the e-mail.

c. Click Save As.

The Save Attachment window displays.

d. Select the folder on your PC where you would like to download the license file.

e. Ensure that the following values appear in the fields of the Save Attachment window:

The file name of the license appears with a .lic file type in the File name field.

All Files (*.*) appears in the Save as type field.

f. Click Save.

The e-mail program downloads the license file to your PC.


Note Cisco IPICS does not support the editing or modification of the license file name or file type. If you change the license file name or use an extension other than .lic, you may invalidate your license and cause the system to become inoperable.


Step 5 Upload the Cisco IPICS license.

See the "Uploading the Cisco IPICS License Files" section for instructions about uploading the Cisco IPICS license file.

After you upload your license file, the license manager processes the new licenses and updates the total number of licenses.

Step 6 If you require additional licenses, contact your distributor or reseller to purchase the licenses.


Uploading the Cisco IPICS License Files

After you receive your license file(s), you can upload them by accessing the Administration > License Management window in the Cisco IPICS Administration Console.


Note When you upload a license file, Cisco IPICS places the file in the following directory:
/root/tomcat/current/webapps/license


To upload license file(s), perform the following procedure:

Procedure


Step 1 Open a supported browser window on your PC.

Step 2 In the Address field in the browser, enter an HTTPS URL that contains either the IP address or the DNS name of your Cisco IPICS server in the following format:

https://<ipaddress> | <dnsname>

where:

<ipaddress> is the IP address of the server and <dnsname> is the host name that you configured for the server.

A Security Alert window displays.

Step 3 Click Yes to close the window and access the login screen.

The Cisco IPICS Login window displays.

Step 4 Log in to the Cisco IPICS server by using the ipics user ID and password.

The system prompts you to upload the license file.


Note The system does not prompt you to upload a license file if you have previously uploaded a license file. If you are not prompted to upload the license file, navigate to Administration > License Management from the Server tab in the Administration Console.


The License Management window displays.

Step 5 Click Browse, then navigate to the license file that you downloaded to your PC.

Step 6 Select the license file and click Open.

Step 7 Click Upload to upload the license file to the server.

The license manager processes the new license.

Step 8 Click Apply.

Cisco IPICS associates the license file with the server and restarts the license manager. The updated license information displays in the License Summary pane in the License Management window.


Note After you click Apply, there may be a delay of a few minutes before you can access the Administration Console.


Step 9 If you have more than one license file, repeat Step 5 through Step 8 until you have uploaded all license files.


Tip Cisco recommends that you click Apply after you upload each license file, so that you can more easily track the progress of the upload process.



Note Cisco IPICS does not overwrite older license files with newer license files. You can purchase additional features by obtaining a new license; when you upload and apply the new license, Cisco IPICS adds the new license features to the existing license features.

As a best practice, Cisco recommends that you remove old license file(s) whenever license changes occur (such as when you replace a time-bound license with a permanent license). For information about deleting time-bound licenses, see the "Deleting Older Time-Bound Licenses from the Server" section.



Viewing the License Summary Information

From the Administration > License Management > Summary tab in the Administration Console, you can access the License Summary pane to view the licensed features for your system. This pane also displays license information for the Cisco IPICS Base Server License and the Policy Engine Base License.

To understand how Cisco IPICS features use the available licensed features, see the "Tracking Your License Usage" section.


Note The data that displays in the License browser window shows the usage at the time that the license window was last accessed. To view the most current license information, refresh your browser window. Make sure to refresh your browser window often and before you perform any server administration functions to ensure that you are working with the most current information. If you attempt to perform an administration update in a window that does not display the most current data, the update does not succeed, and Cisco IPICS displays an error. If you receive an error, refresh your browser window and retry the operation.


This section includes the following topics:

Tracking Your License Usage

Managing Time-Bound Licenses

Tracking Your License Usage

Table 2-1 describes the criteria that Cisco IPICS uses to determine license usage for ports, PMCs, IP phones, the policy engine, and ops views.

Table 2-1 Cisco IPICS License Usage Criteria 

Field
Description

Concurrent LMR Ports

An enabled channel or radio uses an LMR port license. After an administrator disables a channel or radio, the server releases the LMR license and makes it available for use.

Associating a radio and channel selector combination with a channel does not affect license usage.

Cisco IPICS bases license usage for channels on the unique combination of a multicast address and a location. If a channel uses two multicast addresses, the single channel uses two licenses. If an administrator removes one of the multicast addresses, the system releases one of the licenses so that the port now uses one license.

Concurrent Multicast Ports

An activated VTG uses a multicast port license. After an administrator deactivates a VTG, the server releases the multicast license and makes it available for use.

Note Be aware that an inactive VTG uses a license when a policy triggers (activates) that VTG. Therefore, if the number of licenses has been exceeded, the policy is not able to activate the VTG. Make sure that the server has a sufficient number of licenses available for the configuration of policies.

Concurrent PMC Users

A PMC user uses a license each time that the user logs in to a PMC session.

If the same PMC user logs in to multiple PMC sessions from different PMC client machines, that user uses multiple licenses (one for each PMC session).

Note If you use all of the available PMC licenses, Cisco IPICS interrupts PMC user access to the system. Make sure that you are aware of the current status of PMC licenses, and purchase and install additional licenses immediately if you use all of the available PMC licenses.

Concurrent Cisco Unified IP Phone Users

An IP phone user uses a license each time that a user logs in to Cisco IPICS from an IP phone. If you use all IP phone licenses, additional IP phone users cannot dial into a channel or VTG.

Concurrent Dial Users

The policy engine uses a license each time the dial engine performs a dial-in or dial-out action. If you use all dial user licenses, the dial engine cannot perform additional dial-in or dial-out actions.

Cisco IPICS Ops View

If you have purchased a license that includes additional ops view functionality, each ops view that you create uses one license.

Cisco IPICS Base Server License

License usage does not apply to this field. This field displays whether you have a base license for Cisco IPICS.

Policy Engine Base License

License usage does not apply to this field. This field indicates whether you have a base license for the policy engine.


Managing Time-Bound Licenses

Cisco IPICS also includes support for time-bound licenses. Time-bound licenses, such as evaluation or demonstration licenses, differ from purchased (non-time-bound) licenses in that they include a preconfigured license expiration date.

When a time-bound license is about to expire (about 30 days before expiration), Cisco IPICS displays a warning message to alert you of the upcoming expiration.


Note If you install a more recent time-bound license on your server, you may see this warning message if additional unexpired time-bound licenses are installed and you have not dismissed this warning. To suppress this warning message, delete the older, unexpired licenses that are installed on your server. For more information, see the "Deleting Older Time-Bound Licenses from the Server" section.


When a license feature expires, the relevant functionality of that license becomes disabled.

After your license expires, it remains valid for a maximum of 24 hours after the expiration date. (The server checks for expired licenses every 24 hours.)

After you install the Cisco IPICS server software, Cisco IPICS invalidates time-bound licenses when you change the system date to a date that is before the license start date. Invalid licenses cause the Cisco IPICS system to become inoperable.


Note You must restart the license manager, or reboot the server, for system date changes to become effective.


To restart the license manager and revalidate the license(s), perform the following procedure:

Procedure


Step 1 Open a terminal window and log in using the root user ID.

Step 2 Restart the license manager by entering the following command:

[root]# service ipics_lm restart

Step 3 To revalidate the license(s), navigate to Administration > License Management; then, click Apply to restart the license server.


Deleting Older Time-Bound Licenses from the Server

If you receive license expiration warning messages, and you have more than one unexpired time-bound license installed, you must delete the older time-bound licenses to suppress this warning message. To delete time-bound licenses, perform the following procedure:

Procedure


Step 1 Open a terminal window and log in by using the root user ID.

Step 2 Navigate to the directory where Cisco IPICS stores the license files by entering the following command:

[root]# cd tomcat/current/webapps/license

Step 3 View the license files by entering the following command:

[root]# ls -l *.lic

The license files display with the time and date that the license was last modified.

Step 4 Make a note of the licenses that you no longer need.

The time and date that displays with the file information might assist you with determining which files you need to delete.

Step 5 Delete the unnecessary license files by entering the following command:

[root]# rm <licensefilename>.lic

where:

<licensefilename>.lic is the name of the license file that you want to delete.


Caution Make sure that you do not delete the cisco.opt file. This file is required for the correct operation of Cisco IPICS.

Step 6 Repeat Step 5 for each license file that you need to delete.

Step 7 Restart the server by entering the following command:

Step 8 [root]# service ipics restart

Step 9 Log in to the Administration Console by using the ipics user ID and navigate to the Administration > License Management window.

Step 10 To apply the license deletions to the system configuration, click Apply.

Step 11 If a message displays that indicates that a license is about to expire, click Dismiss Warnings.


Installing Third Party Certificates On the Cisco IPICS Server

The Cisco IPICS server ships with a self-signed certificate. However, you may replace this certificate with a customer-specific, third party certificate that has been issued by a CA. A CA, as a trusted third party, issues and manages digital certificates that provide enhanced security by verifying the credentials of the user, organization, server, or other entity as specified in the certificate. VeriSign, Thawte, and Entrust are examples of CAs.

The following topics include information about requesting a third party certificate and installing the certificate on the Cisco IPICS server:

Requesting a Third Party Certificate

Installing a Third Party Certificate

Requesting a Third Party Certificate

To request a third party certificate, perform the following procedure:

Procedure


Step 1 Log in to the Cisco IPICS server by using the root user ID.

The Cisco IPICS operating system logs you in as the root user.

Step 2 Copy the tomcat.keystore file to the /root directory by entering the following command:

[root]# cp /root/tomcat/current/conf/tomcat.keystore /root

The tomcat.keystore file maintains all of the certificates for the server.

Step 3 Change to the /root/tomcat/current/conf/ directory by entering the following command:

[root]# cd /root/tomcat/current/conf/

Step 4 Run the following command to delete the existing entry:

[root@ipics-server]# keytool -delete -alias tomcat -keystore tomcat.keystore

Step 5 When the system prompts you to enter the keystore password, enter the default password, changeit.

Step 6 Run the following command to generate the new key that will be used for the Certificate Signing Request (CSR):

[root@ipics-server]# keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore -validity 360

The validity may vary based on the number of days that the certificate needs to be valid.


Note Make sure that you enter the correct information so that the CA generates a valid certificate for your system.


Step 7 Enter your responses to the following system prompts:

Enter keystore password:
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?


Note The information that you enter may vary depending on the CA that you use. For example, for the first and last name response, VeriSign requires that you enter the fully-qualified hostname of your Cisco IPICS server in the format of server.domain.com. For the name of your state or province, VeriSign requires that you spell out the complete name in lieu of using the abbreviated form.



Tip The default keystore password is changeit.


The following is an example of the information that the system displays:

Is CN=username, OU=user company name, O=user company name, L=user 
city, ST=user state, C=user country correct? [no]:

Step 8 Enter y or yes if the information is correct.

Step 9 When the system displays the following message, press Enter to accept the default password:

Enter key password for <tomcat>
(RETURN if same as keystore password):

where <tomcat> is the default alias for the certificate


Note The system requires that you use the same value for the key password and the keystore password. If you enter different passwords, the Tomcat server will not be able to successfully restart. (When these passwords are the same, the system does not prompt you again for the key password.)


Step 10 Run the following command to create the CSR file:

[root@ipics-server]# keytool -certreq -alias tomcat -keyalg RSA -file certrequest.csr -keystore tomcat.keystore

Step 11 When the system prompts you to enter the keystore password, enter the default value of changeit:

Enter keystore password:

Upon entry of the correct password, the system creates the CSR. (If you enter an incorrect password, the system displays an error.)


Note You need to use the text from this CSR file when you request the certificate. See Step 12.


Step 12 Copy the certrequest.csr file to your local workstation.

Depending on the CA that you use, you may need to copy and paste the contents of the certrequest.csr file into your browser or you may need to upload the CSR file to request the certificate.


Note If the CA does not accept your certificate request, repeat this procedure from Step 3 to regenerate your certificate request with the necessary modifications.


Step 13 After you receive the certificate from the CA, continue with the procedure in the "Installing a Third Party Certificate" section to install the third party certificate.


Installing a Third Party Certificate

To install a third party certificate on the server, perform the following procedure:

Procedure


Step 1 Depending on the format in which you receive the certificate, take one of the following actions:

If you receive the certificate file directly from the CA, rename the file to thirdparty.cer

If you receive the certificate enclosed in an email, create a new file named thirdparty.cer (this file must contain only the certificate contents of the email)

CAs may use different procedures to send root CA certificates. Some CAs embed the root CA certificate into the certificate that they provide to you; other CAs provide the root CA certificate separately. (The root CA certificate allows you to establish a chain of trust from the CA to the third party certificate on your server.)

Step 2 Depending on the format in which the CA provides the root CA certificate, take one of the following optional actions:

If you download the root CA certificate file directly from the CA website, rename the file to thirdpartyca.cer

If the CA provides the root CA certificate enclosed in a web page, create a new file named thirdpartyca.cer (this file must contain only the root CA certificate contents of the web page)

Step 3 Copy the thirdparty.cer file (and the optional thirdpartyca.cer file) from the local workstation to the /root/tomcat/current/conf/ directory on the server by using Secure FTP.

Step 4 To verify that you are still in the /root/tomcat/current/conf/ directory, enter the following command:

[root]# cd /root/tomcat/current/conf/

Step 5 If you received a separate root CA certificate, install it first by executing the following command:

[root@ipics-server]# keytool -import -alias thirdpartyca -keystore tomcat.keystore -trustcacerts -file thirdpartyca.cer

Step 6 When the system prompts you to enter the keystore password, enter changeit.

Step 7 Enter yes to trust the certificate when the system displays the following prompt:

Trust this certificate? [no]:

The certificate installs and the following message displays:

Certificate was added to keystore

Step 8 To install the certificate, run the following command:

[root@ipics-server]# keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file thirdparty.cer

Step 9 When the system prompts you to enter the keystore password, enter changeit.

The following error message displays if you did not install the root CA certificate (and it was required):

keytool error: java.lang.Exception: Failed to establish chain from 
reply

If you encounter this error, contact the CA to locate the root CA certificate; then, repeat this procedure from Step 5.

Step 10 Enter yes to trust the certificate when the system displays the following prompt:

Trust this certificate? [no]:

The certificate installs and the following message displays:

Certificate reply was installed in keystore

Step 11 From root, enter the following command to restart the Tomcat web server:

[root]# service ipics_tomcat restart

Step 12 Verify that the certificate has been installed by executing the following command.

[root@ipics-server]# keytool -list -keystore tomcat.keystore

Step 13 When the system prompts you to enter the keystore password, enter the default value of changeit.

The system displays the certificate information, as shown in the following example:

Keystore type: jks 
Keystore provider: SUN 
Your keystore contains 1 entries 
Tomcat, May 12, 2006, keyEntry, 
Certificate fingerprint (MD5): 
88:88:1A:34:38:0A:27:6F:B9:87:CA:8F:36:66:C4:73

If you installed the root CA certificate, the system display indicates that the keystore contains two entries, as shown in the following example:

Your keystore contains 2 entries
thirdpartyca, May 20, 2006, trustedCertEntry,
Certificate fingerprint (MD5): 
B6:9D:A4:40:52:02:50:0D:D5:9C:E1:B8:4B:66:C4:AC
...

Note The fingerprint may vary based on your system.



Generating the Cisco IPICS PMC Application Installer

PMC users download the PMC installer from the Cisco IPICS Administration Console. Before a user can download the PMC installer from the server, you must first generate the PMC installer.

For more information about generating the PMC installer and managing PMC updates, refer to the "Generating the PMC Installer" and "Managing PMC Versions" sections in the "Performing Cisco IPICS System Administrator Tasks" chapter in the Cisco IPICS Server Administration Guide, Release 2.1(1).