Install Management Center Certificates on Content Analysis to Establish SSL Trust
search cancel

Install Management Center Certificates on Content Analysis to Establish SSL Trust

book

Article ID: 176048

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

If you attempt to retrieve a system image from Management Center using the Content Analysis (CA) CLI, image installation will fail unless the Management Center certificates have been added to the CA browser-trusted CCL. This topic describes how to collect the Management Center certificate chain and install it onto the CA appliance so it will trust the HTTPS URL when loading a software image from Management Center.

Resolution

Step 1: Collect Management Center Certificates

  1. View the Management Center default certificate:

    ssl view certificate default
    -----BEGIN CERTIFICATE-----
    MIIECjCCAvKgAwIBAgIJAOHKNes6SjX6MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxJDAi BgNVBAoTG0JsdWUgQ29hdCBNYW5hZ2VtZW50IENlbnRlcjETMBEGA1UECxMKMTAw MTQxODE0OTEVMBMGA1UEAxMMMTAuMTY5LjIxLjgzMB4XDTE5MDQxMTE0MzU1N1oX DTIxMDQxMTE0MzU1N1owgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQG A1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbQmx1ZSBDb2F0IE1hbmFnZW1l bnQgQ2VudGVyMRMwEQYDVQQLEwoxMDAxNDE4MTQ5MRUwEwYDVQQDEwwxMC4xNjku MjEuODMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmygUkX0g3Nc2q LE+2ljau6I1bZHWpJXavroDhd2+8uA1dvAeKZhb7OqfkxCmVF+wt3OdNET5EIM7E oJGITTpegzD86BVoa79CrqxOSd/AD4OYUOMVDE6GAmmqZlMqUZ+3Pj54DJz3wUeY rG3+18AVqgN5DVzCgnkKrW1Pc66xpIFvOHpyXSh+ada84ljI+VCCAKI148nuDzfh oKFNar8Ukj3k/SXgoGBRcdkJnRQRhvj8a2gSHJ38p/1D4uHusYcTm28RC/9UnqX8 rafU7td12iXmqwNSvbLYHpOfisWVKGH7ay/OreDYaefTIG+/s7jCZf5XHqf4eCr8 bWt2RdujAgMBAAGjfTB7MA8GA1UdEQQIMAaHBAqpFVMwCQYDVR0TBAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFOPy+TLUIyyAQ0+M /n66Y7n3vST+MB8GA1UdIwQYMBaAFOPy+TLUIyyAQ0+M/n66Y7n3vST+MA0GCSqG SIb3DQEBCwUAA4IBAQBSp8TV7kmn2hX8aVQlutN6vwlz6psJ6DSUW5utDLwV5/1n HVGagdDOSTnz3OUxJOWVSzAUIABG5JGuFA7IwXUowdsBxz++VHPZ26AbNs9xZ65D /gfcBCebocmdLwl5pbEvb0I1mPogGAGPma5D7yOBeJTLTYQVCmhV0YffhfdL7gqi P/P8aEMn5oucrp4ZeRFAwYGd3uEzbmjuWZxjFlry1nsp29nSxAEzseN8sdSe0aiz DUF8oBBT/7GN9v9Dsg7l4CckjCULIdOuSgZMzTDtyq1exzF7ayK2Ka+Vat0Q6Xe1
    3PVHcEdxrBnmq795UOa9eLXJfQfvh4cfIO8oSUw3
    -----END CERTIFICATE-----

  2. Copy the default certificate.

  3. Enter the following command to view the certificate names in the Management Center CA chain (if any are installed):

    ssl view ccl management-center

    For example:

    ssl view ccl management-center
    Certificates:
    customer-ca-1
    customer-ca-2

  4. View and copy each certificate.

    ssl view certificate cert_name

    For example:

    ssl view certificate customer-ca-1

Step 2: Install Management Center Certificate(s) on the Content Analysis Appliance:

  1. Access the Content Analysis CLI and enter configuration mode.

  2. Install the Management Center certificates you recorded in Step 1.

    (config)# ssl inline ca-certificate ca-name

    For example:

    (config)# ssl inline ca-certificate mc-default
    Enter the certificate below and end it with a Ctrl-D
    -----BEGIN CERTIFICATE-----
    MIIECjCCAvKgAwIBAgIJAMrmxW4MVDN/MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxJDAi BgNVBAoTG0JsdWUgQ29hdCBNYW5hZ2VtZW50IENlbnRlcjETMBEGA1UECxMKMTAw MTQxNzgxMDEVMBMGA1UEAxMMMTAuMTY5LjIxLjY3MB4XDTE5MDIwNTE5MTQ0MFoX DTIxMDIwNTE5MTQ0MFowgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQG A1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbQmx1ZSBDb2F0IE1hbmFnZW1l bnQgQ2VudGVyMRMwEQYDVQQLEwoxMDAxNDE3ODEwMRUwEwYDVQQDEwwxMC4xNjku MjEuNjcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5FvTJcJPe/v7b lhYv9wIf81Gl2/9zu0+1ylGsz7+Sif+hzUmcTlv4rtOfGbklYw/FZOAPQxp9YYER E28Sn4HNbVDcErDC5cvL1L7A6hpOxpgbavOG9Fpw2eH20c8gf4iWmIVf+1BPyL81 xxFBDOwRuyXpQqs0aSMzbA9vb6V91WTmSWUPvmIgRoFPcV7IEnW9j87Max83UD/S ui8lWQb0+1twaa1sy5FuvfId2ZUsrrC4RRHkRcsSJvVACxFZONftylZE7k42oWC2 FDTuc04IhwioM57xEsK2io8bRHVLujo3/5xUh70xCE0lrcn63ptRBasqbD2FmNBQ SgxcWocVAgMBAAGjfTB7MA8GA1UdEQQIMAaHBAqpFUMwCQYDVR0TBAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFH2gIv7VsVd3EIpr qCHbQmwf3/ATMB8GA1UdIwQYMBaAFH2gIv7VsVd3EIprqCHbQmwf3/ATMA0GCSqG SIb3DQEBCwUAA4IBAQCPMWtqpfFLCb7jcCdzWJ0hoNhnIjaH1yCSslk5IU4zZ8zp 7cQZv7L5CvgUZN9GRnaG5Juef7CnfCakrjxvFsjw2GRpT638giH0aCTpQXY9IbOx M3x9N62nDMo+jSuEnjNayVIL03qWvB4YH7WLpsz2Z+VYl6Vxe1QMMqs7KiZhms7a PLpqRQikLcOY7EHaYcBZBW/21Mfme2+wZyLSsSNKrC0pYAbYhnyjZQZt50VsI6vS 7inN2xPy56AWbPZTkHeiQIPYtIRLYjTVLeQRpb+sNdF7s+T4NsWpitS4ygRwYbih
    hWiRo/SA18WBJdorMAa7y2/3nJyc1OIea+XVi0lE
    -----END CERTIFICATE-----
    CA certificate mc-default is added successfully.

  3. Repeat step 2 for each Management Center certificate you have recorded.

  4. Add each certificate authority to the browser-trusted CCL:

    (config)# ssl ccl browser-trusted

    (config-ccl-browser-trusted)# ca-certificate cert_name

  5. Verify that the certificate(s) have been added to the browser_trusted CCL:

    show running-config ssl ccl browser-trusted

Powered by Wolken Software