Procedure to perform CSR on Reporter and later Import certificate back to reporter once got signed.
To create the CSR, Login to reporter CLI, under configure terminal mode
Use the command:
- reporter(config)#ssl create signing-request default subject
then hit enter -
You will be asked for "Value for 'subject' (<Certificate subject>):"
Note: You have to be sure that you add the serial number as the OU in the cert.
example where you can change value for below fields accordingly
Value for '' (<Country Code>): US
Value for '' (<State or Province Name (full name)>): CA
Value for '' (<Organization Name (eg company)>): YourCompanyName
Value for '' (<Organizational Unit Name (eg section)>): Serial number of Reporter
Value for '' (<Common Name (eg reporter FQDN or IP address )>): reporter.yourdomain.local
- Once created, use the command "ssl view signing-request default" and then copy the signing request to get signed. Please work with your Certificate Authority Team to sign the CSR with your root CA. Please keep in mind root CA should be trusted to your browser, MC or any other device which is communicating with reporter.
Note: You must use the default key to generate the CSR. If you don't, Reporter will not use that certificate for the GUI.
When CSR is signed, and you have signed certificate, please open it in notepad++, copy content, and use the command below to import it to the reporter:
reporter(config)# ssl inline certificate default
Hit enter, then paste the cert, hit Enter one more time to go to the next line and hit Ctrl + D.
- Lastly, in order to load certificate please use one of the following options:
1) (preferably) Please restart reporter using cli command following "stop-reporter" and "start-reporter". Example is below.
Are you sure? (y/N): y
Note: If you you are using FTPS service to upload logs to the reporter, please re-enable FTPS feature on the reporter to load certificate.
2) Alternatively, reboot Reporter using command "restart".