Cisco CMX requires
certificates for serving the user interface over SSL. You can import self
signed certificates or certificate authority (CA) signed certificates to Cisco
CMX. Before initiating the import process, ensure that you have a self signed
or a CA signed certificate and the key file. We recommend you to consult your
CA authority to generate certificate signing requests (CSR) and certificates.
The certificate
should be in the PEM format (with .pem extension) as shown below:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Note |
Cisco CMX has
multiple internal servers that work with SSL certificates. If these
certificates use passphrase, after a Cisco CMX restart, the passphrase must be
manually entered to use the certificates. As the internal servers within Cisco
CMX do not directly interact with the user, there is no interface to input the
required passphrases. Hence, at this point, Cisco CMX cannot support
certificate with passphrases.
To work around
this issue, remove the passphrase from the certificates, by running the
following command:
openssl rsa -in
<OriginalKeyfile>
-out
<NewKeyfileWithoutPassphrase> .
|