Cisco Systems OL-27172-01 Mobility Aid User Manual


 
13-5
Cisco Broadband Access Center 3.8 Administrator Guide
OL-27172-01
Chapter 13 Configuring CWMP Service Security
Configuring SSL Service
keystore-password—Identifies the private key password and the keystore password that you used when you created your keystore file. This password must be between 6 and 30 characters.
key-password—Identifies the password used to access keys within the DPE keystore. This password must be between 6 and 30 characters.
export-password—Identifies the password used to decrypt the key in the PKCS#12 file. The export password must be between 6 and 30 characters.
export-key-password—Identifies the password used to access keys within the PKCS#12 keystore. This password must be between 6 and 30 characters.
For example:
dpe# keystore import-pkcs12 example.keystore example.pkcs12 changeme changeme changeme changeme
% Reading alias [1]
% Reading alias [1]: key with format [PKCS8] algorithm [RSA]
% Reading alias [1]: cert type [X.509]
% Created JKS keystore: example.keystore
% OK
Step 2 Copy the new keystore file into the DPE BPR_HOME/dpe/conf directory.
Step 3 At the CLI, configure one of the DPE services to use the new keystore. See Configuring SSL Service, page 13-3, for details.
Step 4 Restart the DPE by using the dpe reload command from the CLI, or the /etc/init.d/bprAgent restart dpe command from the watchdog agent command line (see Using Cisco BAC Process Watchdog from the Command Line, page 9-2).
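The copy in Step 2 handles a file that contains the DPE private key. The following shell function is an added example, not part of the Cisco guide: it refuses anything that is not a JKS file and leaves the staged keystore readable only by its owner. The function names and the 0600 mode are assumptions, and it presumes the DPE runs as the account that performs the copy.

```shell
#!/bin/sh
# Added example: stage a JKS keystore into the DPE conf directory (Step 2).
# Assumptions (not from the guide): mode 0600 is acceptable because the DPE
# runs as the account doing the copy; the function names are hypothetical.

# Return 0 if the file starts with the JKS magic number 0xFEEDFEED.
is_jks() {
    [ -f "$1" ] || return 1
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "feedfeed" ]
}

# install_keystore SRC DEST_DIR
# Copies SRC into DEST_DIR with owner-only permissions and prints the path.
# Return codes: 0 ok, 2 not a JKS file, 3 bad destination, 4 copy failed.
install_keystore() {
    src=$1
    dest_dir=$2
    is_jks "$src" || { echo "not a JKS keystore: $src" >&2; return 2; }
    [ -d "$dest_dir" ] || { echo "no such directory: $dest_dir" >&2; return 3; }
    dest="$dest_dir/$(basename "$src")"
    tmp="$dest.tmp.$$"
    rm -f "$tmp"
    # Write a fresh temporary file under a restrictive umask, then rename it
    # into place, so an older, looser-permission copy is never reused.
    ( umask 077 && cp "$src" "$tmp" ) || { rm -f "$tmp"; return 4; }
    chmod 600 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 4; }
    # Confirm the copy is byte-identical and has exactly mode 0600.
    cmp -s "$src" "$dest" || return 4
    [ -n "$(find "$dest" -prune -perm 600)" ] || return 4
    echo "$dest"
}

# Typical use once BPR_HOME is set:
#   install_keystore example.keystore "$BPR_HOME/dpe/conf"
```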
Using the Keytool Commands
The keytool utility uses command arguments to configure a DPE keystore. Table 13-1 lists the keytool
commands and their descriptions.
Table 13-1 Keytool Commands
Keytool Command      Description
-alias alias         Identifies the identity assigned to a keystore entry, which stores the certificate chain and the private key. Subsequent keytool commands must use the same alias to refer to the entity.
-dname dname         Identifies the X.500 Distinguished Names used to identify entities, such as those named by the subject and the issuer.
-file csr_file       Identifies the CSR file to be exported.
-file cert_file      Identifies the file from which the certificate is to be read.
-keyalg keyalg       Identifies the algorithm to be used for key-pair creation. The values are DSA (default) and RSA.
-keysize keysize     Specifies a key size, whose value must be a multiple of 64 bits.
-keypass keypass     Identifies the password assigned to a key pair.
-keystore keystore   Customizes the name and location of a keystore.