If you are using Certificate Authority (CA)
certificates for mutual authentication of CCE machines, do the following:
-
Generate CSR using CiscoCertUtil
.
This command generates a host.csr file and sends the CSR to a trusted Certificate Authority for sign-off. To generate a new
CSR, see CiscoCertUtil Utility.
-
Obtain the CA-signed application certificate, Root CA certificate, and Intermediate Authority certificate.
-
Copy the CA-signed application certificate file into the appropriate folder (<install_drive>:\icm\ssl\certs as applicable.
-
Restart the services
-
Install the CA-signed application certificate using the command CiscoCertUtil / install <cert file > <optional cert store>
. Certificate store can be my, root or ca with default being my when not specified. You can also manually install the CA Certificate
to Windows trust store, if not already installed or present. You can verify if certificate is installed properly using windows
certlm.msc utility in personal, Trusted Root or Intermediate Certificate Authorities based on option specified in install command. Default
is Personal if no option is provided.