Chapter 3
Configuring SSL Certificates and Keys
Figure 3-1
server certificate on the CSS.
Figure 3-1
on the FTP-record
the file to the CSS.
OL-5655-01
provides an overview of how to configure an RSA key pair and SSL
SSL Key and Server Certificate Configuration Overview
Configure an FTP or SFTP server on the CSS as an FTP record.
This record allows you to copy files from the server to the CSS
(for example, a certificate or RSA key pair file).
Save the key pair
Yes
server and copy
In global configuration mode, create the RSA private/public key pair.
The CSS uses the key pair to sign and encrypt packet data. Also the key pair
is required for another device to exchange an SSL certificate with the CSS.
Associate the key pair to a filename to allow
the CSS to recognize it as a RSA key pair.
Yes
Create the certificate signing request (CSR) to apply for an SSL certificate.
The CSR includes the RSA key pair filename.
Copy and paste the CSR to the Certificate Authority (CA) web-based
application or email the CSR to the CA. When you receive the certificate
from the CA, make sure that you save it in its received format.
Save the certificate on the FTP-record server
Associate the certificate to a filename to allow
the CSS to recognize it as a certificate.
Verify that the public key in the keypair association
matches the public key in the certificate association.
Now you can configure the CSS SSL proxy list,
Do you
have a pre-existing
RSA key pair?
No
Do you
want to create a temporary
test certificate?
No
Do you
have a pre-existing
certificate?
No
and copy the file to the CSS.
service, and content rule.
Cisco Content Services Switch SSL Configuration Guide
Overview of SSL Certificates and Keys
Yes
Create a self-signed
certificate.
3-3