Ask a Question

Solution ID : SO14896

Install SSL Web Server Certificate onto Cisco CSS 11500

Problem

Install SSL Web Server Certificate onto Cisco CSS 11500

Solution

To install your SSL Web Server Certificate on Cisco CSS 11500, follow the instructions below:

This document provides instructions for installing Thawte SSL Web Server Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Cisco CSS 11500.

Step 1: Obtain the Thawte SSL Web Server Intermediate CA certificate

a) Download the SSL Web Server Intermediate CA certificate from the following solution: AR1384

Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Wordpad may add additional characters that may render the certificate unusable.

b) Copy and paste the intermediate certificate into a separate text file and save as intermediate.crt.

Step 2: Obtain the SSL Web Server Certificate

  1. Download your certificate as per the instruction on the following solution: SO13187
     

Step 3: Creating the concatenated text file with .pem format

Cisco CSS 11500 requires the certificate and the Signing Certificate (Intermediate Certificate) to be concatenated in a text file with a .pem extension. Download your Certificate and Intermediate Certificate and copy the Certificates to a Notepad file or other text editor. Copy and paste the Intermediate Certificate below your issued Certificate in the following order: Your SSL Certificate > Intermediate Certificate. Save the file with a .pem extension (i.e mycertfile.pem)

  1. Open the SSL certificate file you obtained in Step 2
  2. Copy the contents including the
    -----BEGIN CERTIFICATE-----
    and
    ----END CERTIFICATE-----
  3. Open the intermediate.crt file you created in Step 1
  4. At the top of the file, paste the contents from Step 1
  5. Save this file as .pem (i.e. mycertfile.pem)

Example of what the concatenated text file should look like:

-----BEGIN CERTIFICATE-----
Your SSL Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Thawte Intermediate CA
-----END CERTIFICATE-----


Step 4: Install the SSL Web Server Certificate

  1. Import the concatenated certificate file (.pem) into the CSS.
     
  2. Associate the certificate to the ssl-server.
     
  3. Apply the CA of the ssl-server within the ssl-proxy-list
     
  4. To verify, the private key that needs to be used is the private key that generated the Certificate Signing Request (CSR) file to create the Certificate.

    There is only one private key for a Certificate. Make sure to verify the Certificate and private key after they are imported. You can issue the command shown below.

    (config)# ssl verify myrsacert1 myrsakey1

    Certificate and key match

For more information on how to associate the Certificate on the CSS please read the following Cisco article: www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801ffdcb.shtml