Ask a Question

Advanced Search

Solution ID : SO14842

Last Modified : 05/02/2018

Installation Instructions for Cisco CSS 11500

Problem

Installation Instructions for Cisco CSS 11500

Solution

To install your Thawte Certificate on Cisco CSS 11500, follow the instructions below:

This document provides instructions for installing Thawte Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Cisco CSS 11500.

 

Step 1: Obtain the Thawte Intermediate CA certificate

  • Download the Thawte Intermediate CA certificate from the following solution: INFO1384
    Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable. 
  • Copy and paste the Thawte Intermediate CA into a text file and save as intermediate.crt

 

Step 2: Obtain the Thawte Certificate

Download your certificate as per the instruction on the following solution: SO13187
 

Step 3: Creating the Concatenated text file with .pem format

Cisco CSS 11500 requires the certificate and the Signing Certificate (Intermediate Certificate) to be concatenated in a text file with a .pem extension. Download your Certificate and Intermediate Certificate and copy the Certificates to a Notepad file or other text editor. Copy and paste the Intermediate Certificate below your issued Certificate in the following order: yourCertificate >followed by the intermediate ca. Save the file with a .pem extension(i.e mycertfile.pem)

  1. Open the SSL certificate file you obtained in Step 2
  2. Copy the contents including the
    -----BEGIN CERTIFICATE-----
    and
    ----END CERTIFICATE-----
  3. Open the Intermediate.crt file you created in Step 1
  4. At the top of the file, paste the contents from Step 1
  5. Save this file as .em (i.e. mycertfile.pem)

E.g of what it should look like:

-----BEGIN CERTIFICATE-----
      Your SSL Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
    Thawte Intermediate CA
-----END CERTIFICATE-----



Step 4: Install the Thawte SSL123 Certificate

  1. Import the concatenated certificate file (.pem) into the CSS.
     
  2. Associate the certificate to the ssl-server.
     
  3. Apply the CA of the ssl-server within the ssl-proxy-list
     
  4. To verify, the private  key that needs to be used is the private key that generated the Certificate Signing Request (CSR) file to create the Certificate.

    There is only one private key for a Certificate. Make sure to verify the Certificate and private key after they are imported. You can issue the command shown below:

    (config)#ssl verify myrsacert1 myrsakey1
    Certificate and key match

     
  5. To verify if your certificate is installed correctly, use the Thawte Installation Checker

 

For more information on how to associate the Certificate on the CSS please read the following Cisco article: www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801ffdcb.shtml