If you attempt to retrieve a system image from Management Center using the Content Analysis (CA) CLI, image installation will fail unless the Management Center certificates have been added to the CA browser-trusted CCL. This topic describes how to collect the Management Center certificate chain and install it onto the CA appliance so it will trust the HTTPS URL when loading a software image from Management Center.
View the Management Center default certificate:
# ssl view certificate default
-----BEGIN CERTIFICATE-----
MIIECjCCAvKgAwIBAgIJAOHKNes6SjX6MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxJDAi BgNVBAoTG0JsdWUgQ29hdCBNYW5hZ2VtZW50IENlbnRlcjETMBEGA1UECxMKMTAw MTQxODE0OTEVMBMGA1UEAxMMMTAuMTY5LjIxLjgzMB4XDTE5MDQxMTE0MzU1N1oX DTIxMDQxMTE0MzU1N1owgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQG A1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbQmx1ZSBDb2F0IE1hbmFnZW1l bnQgQ2VudGVyMRMwEQYDVQQLEwoxMDAxNDE4MTQ5MRUwEwYDVQQDEwwxMC4xNjku MjEuODMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmygUkX0g3Nc2q LE+2ljau6I1bZHWpJXavroDhd2+8uA1dvAeKZhb7OqfkxCmVF+wt3OdNET5EIM7E oJGITTpegzD86BVoa79CrqxOSd/AD4OYUOMVDE6GAmmqZlMqUZ+3Pj54DJz3wUeY rG3+18AVqgN5DVzCgnkKrW1Pc66xpIFvOHpyXSh+ada84ljI+VCCAKI148nuDzfh oKFNar8Ukj3k/SXgoGBRcdkJnRQRhvj8a2gSHJ38p/1D4uHusYcTm28RC/9UnqX8 rafU7td12iXmqwNSvbLYHpOfisWVKGH7ay/OreDYaefTIG+/s7jCZf5XHqf4eCr8 bWt2RdujAgMBAAGjfTB7MA8GA1UdEQQIMAaHBAqpFVMwCQYDVR0TBAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFOPy+TLUIyyAQ0+M /n66Y7n3vST+MB8GA1UdIwQYMBaAFOPy+TLUIyyAQ0+M/n66Y7n3vST+MA0GCSqG SIb3DQEBCwUAA4IBAQBSp8TV7kmn2hX8aVQlutN6vwlz6psJ6DSUW5utDLwV5/1n HVGagdDOSTnz3OUxJOWVSzAUIABG5JGuFA7IwXUowdsBxz++VHPZ26AbNs9xZ65D /gfcBCebocmdLwl5pbEvb0I1mPogGAGPma5D7yOBeJTLTYQVCmhV0YffhfdL7gqi P/P8aEMn5oucrp4ZeRFAwYGd3uEzbmjuWZxjFlry1nsp29nSxAEzseN8sdSe0aiz DUF8oBBT/7GN9v9Dsg7l4CckjCULIdOuSgZMzTDtyq1exzF7ayK2Ka+Vat0Q6Xe1
3PVHcEdxrBnmq795UOa9eLXJfQfvh4cfIO8oSUw3
-----END CERTIFICATE-----
Enter the following command to view the certificate names in the Management Center CA chain (if any are installed):
# ssl view ccl management-center
For example:
# ssl view ccl management-center
Certificates:
customer-ca-1
customer-ca-2
View and copy each certificate.
# ssl view certificate cert_name
For example:
# ssl view certificate customer-ca-1
Access the Content Analysis CLI and enter configuration mode.
Install the Management Center certificates you recorded in Step 1.
(config)# ssl inline ca-certificate ca-name
For example:
(config)# ssl inline ca-certificate mc-default
Enter the certificate below and end it with a Ctrl-D
-----BEGIN CERTIFICATE-----
MIIECjCCAvKgAwIBAgIJAMrmxW4MVDN/MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxJDAi BgNVBAoTG0JsdWUgQ29hdCBNYW5hZ2VtZW50IENlbnRlcjETMBEGA1UECxMKMTAw MTQxNzgxMDEVMBMGA1UEAxMMMTAuMTY5LjIxLjY3MB4XDTE5MDIwNTE5MTQ0MFoX DTIxMDIwNTE5MTQ0MFowgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQG A1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbQmx1ZSBDb2F0IE1hbmFnZW1l bnQgQ2VudGVyMRMwEQYDVQQLEwoxMDAxNDE3ODEwMRUwEwYDVQQDEwwxMC4xNjku MjEuNjcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5FvTJcJPe/v7b lhYv9wIf81Gl2/9zu0+1ylGsz7+Sif+hzUmcTlv4rtOfGbklYw/FZOAPQxp9YYER E28Sn4HNbVDcErDC5cvL1L7A6hpOxpgbavOG9Fpw2eH20c8gf4iWmIVf+1BPyL81 xxFBDOwRuyXpQqs0aSMzbA9vb6V91WTmSWUPvmIgRoFPcV7IEnW9j87Max83UD/S ui8lWQb0+1twaa1sy5FuvfId2ZUsrrC4RRHkRcsSJvVACxFZONftylZE7k42oWC2 FDTuc04IhwioM57xEsK2io8bRHVLujo3/5xUh70xCE0lrcn63ptRBasqbD2FmNBQ SgxcWocVAgMBAAGjfTB7MA8GA1UdEQQIMAaHBAqpFUMwCQYDVR0TBAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFH2gIv7VsVd3EIpr qCHbQmwf3/ATMB8GA1UdIwQYMBaAFH2gIv7VsVd3EIprqCHbQmwf3/ATMA0GCSqG SIb3DQEBCwUAA4IBAQCPMWtqpfFLCb7jcCdzWJ0hoNhnIjaH1yCSslk5IU4zZ8zp 7cQZv7L5CvgUZN9GRnaG5Juef7CnfCakrjxvFsjw2GRpT638giH0aCTpQXY9IbOx M3x9N62nDMo+jSuEnjNayVIL03qWvB4YH7WLpsz2Z+VYl6Vxe1QMMqs7KiZhms7a PLpqRQikLcOY7EHaYcBZBW/21Mfme2+wZyLSsSNKrC0pYAbYhnyjZQZt50VsI6vS 7inN2xPy56AWbPZTkHeiQIPYtIRLYjTVLeQRpb+sNdF7s+T4NsWpitS4ygRwYbih
hWiRo/SA18WBJdorMAa7y2/3nJyc1OIea+XVi0lE
-----END CERTIFICATE-----
CA certificate mc-default is added successfully.
Add each certificate authority to the browser-trusted CCL:
(config)# ssl ccl browser-trusted
(config-ccl-browser-trusted)# ca-certificate cert_name
Verify that the certificate(s) have been added to the browser_trusted CCL:
# show running-config ssl ccl browser-trusted