Ask a Question

Solution ID : SO14897

Last Modified : 06/04/2018

Install SGC Web Server Certificate onto Cisco CSS 11500

Problem

Install SGC Web Server Certificate onto Cisco CSS 11500

 

Solution

To install your SGC Web Server Certificate on Cisco CSS 11500, follow the instructions below:

This document provides instructions for installing Thawte SSL Web Server Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Cisco CSS 11500.

Step 1: Obtain the Thawte SGC Root CA Certificate Bundle

a) Download the SGC Web Server CA Intermediate from the following solution: AR1377

Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.

b) Copy and paste the SSL Web Server Bundle into a text file and save as intermediate_bundle.crt

Step 2: Obtain the SGC Web Server Certificate

  1. Download your certificate as per the instruction on the following solution: SO13187
     

Step 3: Creating the Concatenated text file with .pem format

Cisco CSS 11500 requires the certificate and the Signing Certificate (Intermediate Certificate) to be concatenated in a text file with a .pem extension. Download your Certificate and Intermediate Certificate and copy the Certificates to a Notepad file or other text editor. Copy and paste the Intermediate Certificate below your issued Certificate in the following order: yourCertificate > Followed by the Intermediate CA. Save the file with a .pem extension(i.e mycertfile.pem)

  1. Open the SSL certificate file you obtained in Step 2
  2. Copy the contents including the
    -----BEGIN CERTIFICATE-----


    and


    ----END CERTIFICATE-----
  3. Open the Intermediate.crt file you created in Step 1
  4. At the top of the file, paste the contents from Step 1
  5. Save this file as .em (i.e. mycertfile.pem)

E.g of what it should look like:

-----BEGIN CERTIFICATE-----

Your SSL Certificate

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Thawte Intermediate CA

-----END CERTIFICATE-----
 

Step 4: Install the SGC Web Server Certificate

  1. Import the concatenated certificate file (.pem) into the CSS.
     
  2. Associate the certificate to the ssl-server.
     
  3. Apply the CA of the ssl-server within the ssl-proxy-list
     
  4. To verify, the private  key that needs to be used is the private key that generated the Certificate Signing Request (CSR) file to create the Certificate.

    There is only one private key for a Certificate. Make sure to verify the Certificate and private key after they are imported. You can issue the command shown below.

    (config)# ssl verify myrsacert1 myrsakey1

    Certificate and key match

For more information on how to associate the Certificate on the CSS please read the following Cisco article: http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801de89b.shtml