Use the internal signed CA certificate for the Reporter which will be used for the FTPS communication between Proxy and Reporter.
Reporter 11.0.1.1
\In order to use an internal signed CA certificate for the Reporter which will be used for the FTPS communication between Proxy and Reporter you should follow these steps.
STEP1
Backup the "default" keyring stored on the Reporter using CLI or via Reporter API endpoint dashboard - https://<reporter-ip>:8082/api/report/getdeviceinfo
Reporter> enable Reporter# config t Reporter(config)# ssl Reporter(config-ssl)# view certificate default<CA certificate content>
STEP2
Delete existing "default" certificate to replace it with your own
Reporter> enable Reporter# config t Reporter(config)# ssl Reporter(config-ssl)# delete certificate default
ok Reporter(config-ssl)# view certificate default
% certificate does not exist Reporter(config-ssl)# view key
Possible completions:
keypair View keypair configuration
keyring View keyring configuration
reporter(config-ssl)# view keyring default
Keyring ID: default
Private key showability: show
Signing request: absent
Certificate: absent
STEP3
Generate CSR to create a new certificate. Replace the by replacing Reporter hostname and reporter IP in the following command
EXAMPLE: # create signing-request default subject "C=US,ST=OH,O=ORGANIZATION,CN=reporter.local.domain" alternative-names 192.168.1.20
Reference for CSR parameters: Reporter CSR
STEP4
View generated CSR
Reporter(config-ssl)# view signing-request default-----BEGIN CERTIFICATE REQUEST-----
<content of generated CSR>
-----END CERTIFICATE REQUEST-----
STEP5
Create a CA certificate with your Certificate Authority using the created CSR
STEP6
Import created CA certificate using the following CLI command
<paste the content of the certificate>Enter Ctrl+D to save the certificate
STEP7
Check the connectivity tab in Management Center by going to Management Center > Devices > Reporter > Connection Parameters and re-establish the connection. If needed re-add the Reporter in Management Center.
STEP8
On each Proxy device that will use FTPS upload to Reporter, please import Root CA and new Reporter certificate.
Proxy > Configuration > SSL > CA Certificates > CA Certificates > Import…Name the certificate ex. Reporter CA ORGThen add it to browser-trusted listProxy > Configuration > SSL > CA Certificates > CA Certificate Lists -> browser-trustedSelect the newly added CA certificate on the left and then click ADDSave & apply all the changes
STEP9
Configure FTPS upload on Proxy to Reporter accordingly with Upload Access Logs to the Reporter Appliance