To install your certificate on Cisco CSS 11500, follow the instructions below:
This document provides instructions for installing certificates. If you are unable to use these instructions for your server, we recommend that you contact either the vendor of your software or an organization that supports Cisco CSS 11500.
Step 1: Obtain the GeoTrust SSL CA Certificate
a) Download the GeoTrust SSL CA.
Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
b) Copy and paste the GeoTrust SSL CA into a text file and save as "intermediate.txt".
Step 2: Download your certificate
1. Download your certificate.
Step 3: Creating the Concatenated text file with .pem format
Cisco CSS 11500 requires the certificate and the Signing Certificate (Intermediate Certificate) to be concatenated in a text file with a .pem extension. Download your Certificate and Intermediate Certificate and copy the Certificates to a Notepad file or other text editor. Copy and paste the Intermediate Certificate below your issued Certificate in the following order: yourCertificate >followed by the Intermediate. Save the file with a .pem extension(i.e mycertfile.pem)
1. Open the SSL certificate file you obtained in Step 2
2. Copy the contents including the
-----BEGIN CERTIFICATE-----
and
----END CERTIFICATE-----
3. Open the Intermediate.txt file you created in Step 1
4. At the top of the file, paste the contents from Step 1
5. Save this file as .pem (i.e. mycertfile.pem)
E.g of what it should look like:
-----BEGIN CERTIFICATE-----
Your SSL Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
GeoTrust SSL CA
-----END CERTIFICATE-----
Step 4: Install your Certificate
1. Import the concatenated certificate file (.pem) into the CSS.
2. Associate the certificate to the ssl-server.
3. Apply the CA of the ssl-server within the ssl-proxy-list
4. To verify, the private key that needs to be used is the private key that generated the Certificate Signing Request (CSR) file to create the Certificate.
There is only one private key for a Certificate. Make sure to verify the Certificate and private key after they are imported. You can issue the command shown below.
(config)# ssl verify myrsacert1 myrsakey1
Certificate and key match
For more information on how to associate the Certificate on the CSS please read the following Cisco article: