- Overview of Prime Network GUI clients
- Setting Up the Prime Network Clients
- Setting Up Change and Configuration Management
- Setting Up Vision Client Maps
- Setting Up Native Reports
- Setting Up Fault Management and the Events Client Default Settings
- Viewing Devices, Links, and Services in Maps
- Drilling Down into an NE’s Physical and Logical Inventories and Changing Basic NE Properties
- Manage Device Configurations and Software Images
- How Prime Network Handles Incoming Events
- Managing Tickets with the Vision Client
- Viewing All Event Types in Prime Network
- Cisco Path Tracer
- Managing IP Address Pools
- Monitoring AAA Configurations
- Managing DWDM Networks
- Managing MPLS Networks
- Managing Carrier Ethernet Configurations
- Managing Ethernet Networks Using Operations, Administration, and Maintenance Tools
- Monitoring Carrier Grade NAT Configurations
- Monitoring Quality of Service
- Managing IP Service Level Agreement (IP SLA) Configurations
- Monitoring IP and MPLS Multicast Configurations
- Managing Session Border Controllers
- Monitoring BNG Configurations
- Managing Mobile Transport Over Pseudowire (MToP) Networks
- Managing Mobile Networks
- Managing Data Center Networks
- Monitoring Cable Technologies
- Monitoring ADSL2+ and VDSL2 Technologies
- Monitoring Quantum Virtualized Packet Core
- VSS Redundancy System
- Icon Reference
- Permissions Required to Perform Tasks Using the Prime Network Clients
- Correlation Examples
- Managing certificates
Managing Certificates
Managing Certificates chapter describes how to generate a Self-signed certificates and Certificate Signing Request (CSR) that can be used to obtain SSL certificates from a Certificate Authority such as Verisign, Digicert and so on. This chapter describes the following topics:
Generating Self-Signed Certificates and Certificate Signing Request
Importing Certificate Authority or Self-Signed Certificate
Generating System Events for a Close to Expire Digital Certificates
Generating Self-Signed Certificates and Certificate Signing Request
Generate a self-signed certificate and a Certificate Signing Request (CSR) by using the Generate Self-Signed Certificate and Certificate Signing Request option. When you generate a self-signed certificate, a new self-signed certificate in PEM format and a CSR file are created in the $ANAHOME/scripts/CSR/ directory. When you press enter in a command without specifying any value the script will select a default option automatically. For example, if you do not specify a domain name, the script by default picks the domain name as cisco.com.
Step 1
Execute $ANAHOME/local/scripts/selfsignedcert.pl.
Step 2 Choose Generate Self-Signed Certificate and Certificate Signing Request(.csr) and press Enter. The system prompts you to enter information as listed in the following table.
Importing Certificate Authority or Self-Signed Certificate
Import a Certificate Authority (CA) signed certificate or self-signed certificate by using Import CA/Self-Signed Certificate option. You can either import the generated self-signed certificate or import a certificate generated by another system or third party by copying the.pem and.key (private key) files to the $ ANAHOME/scripts/CSR directory. The.pem file provided is exported into PKCS12 format, and then converted to JKS format. The JKS file can be imported into Tomcat.
Step 1 Execute $ANAHOME/local/scripts/selfsignedcert.pl as PN user.
Step 2 Choose the Import CA/Self-Signed Certificate option and press Enter.
Step 3 Specify values for the following parameters and then press Enter:
Table 33-2 Parameters and Description
Generating System Events for a Close to Expire Digital Certificates
Prime Network generates system events when digital certificate of a Product’s License expiry date is close to expiration.
The System Events are generated based on three scenarios and the following table lists the Severity for each scenarios.
Table 33-3 System Events Scenarios
|
|
|
|
|---|---|---|
Also, Prime Network generates System Events for the Jars and Certificates that are about to expire.
Table 33-4 Certificates and the Impacted Applications
|
|
|
|
|---|---|---|
Prime Network GUI applications |
||
Prime Network Web Server (Change and Configuration Management, VNE Customization Builder, and Network Discovery) |
||
Prime Network periodically checks (once a day) the expiration date, or on restart and forwards the system events for Digital certificates and JARS based on the following criteria.
- System Event with minor severity for Digital Certificates expiring in 30 days
- System Event with major severity for Digital Certificates expiring in 14 days
- System Event with critical severity for Digital Certificates expiring in 3 days
- System Event with critical severity for Digital Certificates expiring in 0 days
- System Event with cleared severity when the Digital Certificates is updated
Note Prime Network sends only one System Events for each severity. The cleared notification is initiated only when the Digital Certificate is reinstalled using a script.
Trouble Shooting
How can the Administrator obtain a new certificate or install them?
a. Administrator can generate the Digital certificate for Tomcat servers as a Self-Signed certificate or apply for/through third party Digital certificate using the scripts provided by Prime Network.
b. Digital certificate for GUI clients can be obtained only through Prime Network upgrade. You can obtain either during main release or Point Patch (PP).
– If you are upgrading Prime Network during Main release Digital certificate is automatically generated during installation of Prime Network.
Feedback