Create and use internal signed CA certificate for the Reporter FTPS service for log upload

Article ID: 263119


Products

Reporter-S500 Reporter-VA Reporter

Issue/Introduction

Use an internally signed CA certificate on the Reporter for the FTPS communication between the Proxy and the Reporter.

 

 

Environment

Reporter 11.0.1.1

Resolution

To use an internally signed CA certificate on the Reporter for the FTPS communication between the Proxy and the Reporter, follow these steps.

 

STEP1

Back up the "default" keyring stored on the Reporter using the CLI or via the Reporter API endpoint dashboard - https://<reporter-ip>:8082/api/report/getdeviceinfo

  • Reporter> enable
  • Reporter# config t
  • Reporter(config)# ssl
  • Reporter(config-ssl)# view certificate default
<CA certificate content>

 

STEP2

Delete the existing "default" certificate so that it can be replaced with your own

  • Reporter> enable
  • Reporter# config t
  • Reporter(config)# ssl
  • Reporter(config-ssl)# delete certificate default
    ok
  • Reporter(config-ssl)# view certificate default
    % certificate does not exist
  • Reporter(config-ssl)# view key
    Possible completions:
    keypair   View keypair configuration
    keyring   View keyring configuration
  • reporter(config-ssl)# view keyring default
    Keyring ID:                 default
    Private key showability:    show
    Signing request:            absent
    Certificate:                absent

 

STEP3

Generate a CSR to create a new certificate. Replace <reporter-hostname> and <reporter-ip> in the following command with the Reporter hostname and the Reporter IP

  • Reporter(config-ssl)# create signing-request default subject "C=US,ST=OH,O=ORGANIZATION,CN=<reporter-hostname>" alternative-names <reporter-ip>

 

EXAMPLE: # create signing-request default subject "C=US,ST=OH,O=ORGANIZATION,CN=reporter.local.domain" alternative-names 192.168.1.20

Reference for CSR parameters: Reporter CSR

 

STEP4

View the generated CSR

 

  • Reporter(config-ssl)# view signing-request default

-----BEGIN CERTIFICATE REQUEST-----

<content of generated CSR>

-----END CERTIFICATE REQUEST-----
 

STEP5

Create a CA-signed certificate with your Certificate Authority using the created CSR


STEP6

Import the created CA-signed certificate using the following CLI command

  • Reporter(config-ssl)# inline certificate default
<paste the content of the certificate>
Press Ctrl+D to save the certificate

 

STEP7

Check the connectivity tab in Management Center by going to Management Center > Devices > Reporter > Connection Parameters and re-establish the connection. If needed, re-add the Reporter in Management Center.

 

STEP8

On each Proxy device that will use FTPS upload to the Reporter, import the Root CA and the new Reporter certificate.

 

Proxy > Configuration > SSL > CA Certificates > CA Certificates > Import…
Name the certificate, e.g. Reporter CA ORG
Then add it to the browser-trusted list
Proxy > Configuration > SSL > CA Certificates > CA Certificate Lists > browser-trusted
Select the newly added CA certificate on the left and then click ADD
Save & apply all the changes

 

STEP9

Configure FTPS upload from the Proxy to the Reporter according to "Upload Access Logs to the Reporter Appliance"
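
Before pasting the signed certificate in STEP6, it can be checked offline against the CSR from STEP4. The script below is an added example, not part of the original article or of the Reporter tooling; it assumes the CSR, the signed certificate and the Root CA were saved as PEM files on a workstation with OpenSSL, and the function name and file names are hypothetical.

```shell
#!/bin/sh
# check_signed_cert CSR CERT ROOT_CA REPORTER_IP   (hypothetical helper)
# Returns 0 only if the certificate is safe to import into the "default"
# keyring; otherwise prints the reason to stderr and returns non-zero.
check_signed_cert() {
    csr=$1 cert=$2 ca=$3 ip=$4

    # 1. The certificate must carry the public key from the CSR, otherwise it
    #    will not pair with the private key held in the Reporter keyring.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || {
        echo "cannot read CSR: $csr" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }
    if [ "$csr_pub" != "$crt_pub" ]; then
        echo "public key in certificate does not match the CSR" >&2
        return 1
    fi

    # 2. The certificate must chain to the Root CA that will be imported on
    #    each Proxy in STEP8, or the Proxy will reject the FTPS server.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certificate does not verify against $ca" >&2
        return 1
    fi

    # 3. Some CAs drop the alternative names requested in the CSR. Confirm
    #    the Reporter IP from STEP3 is still present in the issued certificate.
    if ! openssl x509 -in "$cert" -noout -checkip "$ip" 2>/dev/null \
            | grep -q "does match"; then
        echo "certificate has no subjectAltName entry for IP $ip" >&2
        return 1
    fi
    return 0
}

# Run directly: sh check_cert.sh reporter.csr reporter.pem rootca.pem 192.168.1.20
if [ "$#" -eq 4 ]; then
    check_signed_cert "$@"
fi
```
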