Updated: November 28, 2018
This article gives an example of how to get a free SSL certificate and how to install it on CMX. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Cisco recommends that you have knowledge of these topics:
- A domain name which can be resolved externally
- Basic Linux skills
- Basic knowledge of PKI (Public Key Infrastructure)
The information in this document is based on these software and hardware versions:
- CMX 10.5
Prepare and backup
Web certificate is located in the following folder:
[root@cmxtry ssl]# openssl genrsa -out cmxtry.com.key 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
[root@cmxtry ssl]# ls
Generate a CSR (Certificate Signing Request) using the private key you generated in the previous step.
[root@cmxtry ssl]# openssl req -new -sha256 -key cmxtry.com.key -out cmxtry.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) :DIEGEM
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CMXTRY
Organizational Unit Name (eg, section) :CMXTRY
Common Name (e.g. server FQDN or YOUR name) :cmxtry.com
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :Cisco123
An optional company name :CMXTRY
[root@cmxtry ssl]# ls
cmxtry.com.csr cmxtry.com.key oldcert
Paste the CSR into the window and select RedHat as the software used to generate the CSR:
Validate the domain either through an e-mail address or by another method, such as a DNS CNAME entry.
Once you complete the validation process, you can download the certificate from here:
After you download the certificate, upload it to the CMX box:
[ avitosin > ~/Desktop/cmxtry_com ] ls
[ avitosin > ~/Desktop/cmxtry_com ] scp ./* firstname.lastname@example.org:/home/cmxadmin
Warning: the ECDSA host key for 'cmxtry.com' differs from the key for the IP address '220.127.116.11'
Offending key for IP in /Users/avitosin/.ssh/known_hosts:8
Matching host key in /Users/avitosin/.ssh/known_hosts:10
Are you sure you want to continue connecting (yes/no)? yes
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
cmxtry_com.ca-bundle 100% 4103 4.0KB/s 00:00
cmxtry_com.crt 100% 2236 2.2KB/s 00:00
[ avitosin > ~/Desktop/cmxtry_com ]
Verify the certificates
Verify that the certificate was successfully copied to CMX:
[root@cmxtry ssl]# cd /home/cmxadmin/
[root@cmxtry cmxadmin]# ls
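Beyond confirming that the files arrived, it is worth checking that the issued certificate matches the private key generated earlier, chains to the CA bundle, and is within its validity period. The script below is an added example and not part of the original Cisco document; the function names and the throwaway demo CA are assumptions made here, while the file names follow the ones shown above.

```shell
# Added example, not from the Cisco document. Function names are hypothetical;
# file names follow the page: cmxtry.com.key, cmxtry_com.crt, cmxtry_com.ca-bundle.

# Succeeds only if the certificate carries the public key of the given private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if openssl reports the certificate as verified against the bundle.
cert_chains_to_bundle() {  # usage: cert_chains_to_bundle CERT BUNDLE
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Runs all checks, prints one line per failure, returns non-zero if any failed.
check_cert() {  # usage: check_cert CERT KEY BUNDLE
  local rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: certificate does not match private key"; rc=1; }
  cert_chains_to_bundle "$1" "$3" || { echo "FAIL: certificate does not chain to CA bundle"; rc=1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: certificate is expired or unreadable"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: key, chain and validity period check out"
  return "$rc"
}

# Constructed sample data: a throwaway CA and a certificate for cmxtry.com, demo only.
make_demo_files() {  # usage: make_demo_files DIR
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 2 \
    -keyout "$d/ca.key" -out "$d/cmxtry_com.ca-bundle" >/dev/null 2>&1 &&
  openssl genrsa -out "$d/cmxtry.com.key" 2048 >/dev/null 2>&1 &&
  openssl req -new -sha256 -key "$d/cmxtry.com.key" -subj "/CN=cmxtry.com" \
    -out "$d/cmxtry.com.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/cmxtry.com.csr" -CA "$d/cmxtry_com.ca-bundle" \
    -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/cmxtry_com.crt" >/dev/null 2>&1
}

# Demo run on the constructed files; on CMX, call check_cert with the real paths.
demo() {
  local d rc
  d=$(mktemp -d) || return 1
  make_demo_files "$d" && check_cert "$d/cmxtry_com.crt" "$d/cmxtry.com.key" "$d/cmxtry_com.ca-bundle"
  rc=$?
  rm -rf "$d"
  return "$rc"
}
demo
```

A key mismatch at this stage usually means the CSR was generated from a different private key than the one kept on the box, which is cheaper to catch here than after the web service fails to start.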