Obtaining and Verifying Cisco Business Dashboard Software
Cisco Business Dashboard is distributed as a zipped Microsoft Hyper-V virtual machine. The virtual machine image also contains the Cisco Business Dashboard Probe application, allowing a single VM to act as both Dashboard and Probe for a particular site. To obtain the virtual machine image, navigate to https://www.cisco.com/go/cbd-sw.
The virtual machine image has been cryptographically signed by Cisco to ensure that the software has not been tampered with. The Hyper-V virtual machine image format does not provide a mechanism for crytographically signing virtual machines. In order to sign the image, a signature has been generated for the image zip file and is recorded in a file separate to the virtual machine image. The signature file, the virtual machine image, and a number of supporting files have been packaged in to a single zip file. It is this zip file that is downloaded from the Cisco Software Center. The contents of this zip file are described in the following table:
Filename |
Description |
---|---|
CISCO_BUSINESS_DASHBOARD_KEY-CCO_RELEASE.cer |
The code signing certificate used to sign the virtual machine image |
Cisco_Business_Dashboard-2.2.0.xxxxxxxx.zip |
The virtual machine image |
Cisco_Business_Dashboard-2.2.0.xxxxxxxx.zip.signature |
A file containing the cryptographic signature for the virtual machine image |
README.txt |
The README file describes the contents of the zip file and how to validate the signature |
scripts/cisco_x509_verify_release.py |
A python script to verify the signature |
verify.bat |
A script to verify the signature in a format suitable for use on Microsoft Windows |
verify.sh |
A script to verify the signature in a format suitable for use on Unix-like operating systems |
To verify the virtual machine image signature, do the following:
-
Ensure you have the OpenSSL package and the Python programming language installed on the PC where you will verify the signature.
-
Unzip the file you downloaded from the software center into a convenient location on the PC
-
Validate the signature by running either the verify.bat file or the verify.sh file, depending on the PC operating system. The script will download the Cisco root certificate and intermediate certificate from cisco.com, verify that the code signing certificate has not been tampered with, and then validate the signature of the virtual machine image. The success or failure of the process will be reported in the script output.