Cisco Support Community
New Member

Upload certificates for SSL in Box-to-Box redundancy

Hello,

As for the configuration replication, I use the commit_redundancy script, but how can I synchronize the certificates between the two boxes?

Do I have to do it independently in the two boxes? Can somebody give some detailed steps?

Thanks in advance,

Ruben

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Upload certificates for SSL in Box-to-Box redundancy

Ruben,

this needs to be done manually.

You have to import the certificates on each box separately.

There is no synchronization of the files.

Gilles.

2 REPLIES
New Member

Re: Upload certificates for SSL in Box-to-Box redundancy

Hello Ruben,

As Gilles mentioned, you would have to import the SSL files to each CSS. This can be accomplished with rcmd (remote commands) run on the primary/master CSS.

#1. Ensure the SSL files you wish to import to the secondary CSS are already on the primary CSS.

#2. Create an FTP record with the APP session IP address of the primary/current master CSS.

ftp-record FTP username "password"

#3. Export the SSL files directly on the primary CSS using the new FTP record created. Doing this will place the SSL files in the FTP directory on the primary/master CSS which would allow the secondary/backup CSS to import the files.

copy ssl ftp export rsacert.pem "password used to import file"

#4. Once the files have been successfully exported on the primary/master CSS, sync the configurations. You will still get the error message stating the new SSL files are not on the secondary/backup CSS; however, doing this will create/place the new FTP record you have just created on the secondary/backup CSS.

#5. Now import the SSL files to the secondary/backup CSS using rcmd commands on the primary/master CSS.

rcmd "copy ssl ftp import rsacert.pem PEM 'password'"

Once completed and both the rsacert/key have been imported to the secondary/backup CSS, you can sync the configurations again and should not receive an error. For this to work properly, ensure both CSSs are not restricting FTP connections and rcmd commands are enabled.

no restrict ftp

I hope this info helps you out!

Jason Espino
