Upload certificates for SSL in Box-to-Box redundancy

ruben.montes
Level 1

Hello,

as for the configuration replication I use the commit_redundancy script, but how can I synchronize the certificates between the two boxes?

Do I have to do it independently in the two boxes? Can somebody give some detailed steps?

Thanks in advance,

Ruben

Accepted Solutions

Gilles Dufour
Cisco Employee

Ruben,

this needs to be done manually.

You have to import the certificates on each box separately.

There is no synchronization of the files.

Gilles.

2 Replies

jason.espino
Level 1

Hello Ruben,

As Gilles mentioned, you would have to import the SSL files to each CSS. This can be accomplished with rcmd (remote commands) run on the primary/master CSS.

#1. Ensure the SSL files you wish to import to the secondary CSS are already on the primary CSS.

#2. Create an FTP record with the APP session IP address of the primary/current master CSS.

ftp-record FTP username "password"

#3. Export the SSL files directly on the primary CSS using the new FTP record created. Doing this will place the SSL files in the FTP directory on the primary/master CSS which would allow the secondary/backup CSS to import the files.

copy ssl ftp export rsacert.pem "password used to import file"

#4. Once the files have been successfully exported on the primary/master CSS, sync the configurations. You will still get the error message stating the new SSL files are not on the secondary/backup CSS; however, doing this will create/place the new FTP record you have just created on the secondary/backup CSS.

#5. Now import the SSL files to the secondary/backup CSS using rcmd commands on the primary/master CSS.

rcmd "copy ssl ftp import rsacert.pem PEM 'password'"

Once completed and both the rsacert/key have been imported to the secondary/backup CSS, you can sync the configurations again and should not receive an error. For this to work properly, ensure both CSSs are not restricting FTP connections and rcmd commands are enabled.

no restrict ftp

I hope this info helps you out!

Jason Espino
