References
See the following items for additional information about Call Home feature and Smart Call Home service:
•Resources for Smart Call Home.
•CA Root Certificate Update Process.
For More Information
For more information about Smart Call Home, there are several options available, you can:
• "Smart Call Home Service Introduction - http://www.cisco.com/en/US/products/ps7334/serv_home.html
•Smart Call Home presentation - http://www.cisco.com/warp/public/437/services/smartcallhome/
•Catalyst 6500 Call Home Configuration Guide - http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_book09186a00801609ea.html
•Catalyst 6500 Command Reference - http://cisco.com/en/US/products/hw/switches/ps708/products_command_reference_book09186a0080160cd0.html
•Generic Online Diagnostics on the Cisco Catalyst 6500 Series Switch - http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd801e659f.shtml
•Cisco Catalyst 6500 Series with Cisco IOS Software Modularity - http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin0900aecd80313e15.html
•Embedded Event Manager (EEM) on the Cisco Catalyst 6500 Series - http://cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd805457c3.shtml
•Cisco 7600 Series Command References - http://www.cisco.com/en/US/products/hw/routers/ps368/prod_command_reference_list.html
•Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SX - http://www.cisco.com/en/US/partner/docs/routers/7600/ios/12.2SXF/configuration/guide/swcg.html
•Cisco 7600 Series Technical References - http://www.cisco.com/en/US/products/hw/routers/ps368/prod_technical_reference_list.html
•Cisco 7600 White Papers - http://www.cisco.com/en/US/products/hw/routers/ps368/prod_white_papers_list.html
•Use the feedback box on the Smart Call Home web application
•Access the Smart Call Home Technical Overview - http://www.cisco.com/application/pdf/en/us/guest/products/ps7334/c1266/cdccont_0900aecd8063c595.pdf
•Contact Smart Call Home at email address - sch-support@cisco.com
Resources for Smart Call Home
The following items are resources that can be used with the Smart Call Home service:
•Cisco server certificate
•Download Transport Gateway
•Download (Smart) Call Home Configuration Script
•Smart Call Home Users' Guide
•Smart Call Home Technical Overview
•Call Home Configuration Guide
•Smart Call Home Web Application
Terminology
The following list defines the different components, tools and terms used in Smart Call Home:
•Call Home (CH) - Product feature in IOS version 12.3(33)SXH that uses SMTP or HTTP connections established with a configurable destination to send formatted messages. The messages contain Inventory or Configuration information that are collected at scheduled intervals. Configuration, Diagnostics, Environmental, Inventory or System Log (syslog) information is collected during real-time events; Test, Inventory, Configuration Diagnostic and Environmental information are collected on-demand.
The IOS code incorporates device diagnostics (i.e. GOLD) that enables the sending of the following outbound alerts and alarms in email messages to Smart Call Home.
•Call Home Alert Group - Is a configurable Call Home feature that groups detectable events from one of the Configuration, Diagnostics, Environmental, Inventory or System Log categories for monitoring.
•Call Home Profile - Is a configurable Call Home feature that provides a structure to bundle together several Alert Groups, to select transport methods, to assign multiple destination addresses and to specify message format options.
•Call Home message formats - Are configurable formatting options used by the IOS Call Home feature when creating messages. The Short Text format is suitable for pagers or printed reports and the Long Text format contains Full formatted message information suitable for human reading. The XML Messages contain the same data as the Long Message, but with the addition of XML tagging and AML specific transport information to allow machine-readable parsing and routing of the message in the Smart Call Home System.
•Call Home message type - Is a field within an IOS Call Home message that indicates what type of message it contains: Configuration, Diagnostics, Environmental, Inventory, Test or System Log (syslog) information.
•Call Home message sub-type - Is a field within an IOS Call Home message that indicates that the message contains full or delta Configuration or Inventory information, Gold major, minor or normal Diagnostics information, minor or major Environmental information, Test or System Log (syslog) information.
•Cisco.com profile - Where information on Cisco contracts, case management permissions and user's company are kept for use by the Smart Call Home service.
•Cisco Backend (CBE) - Contains a collection of various tools and information:
–Smart Call Home service.
–Guided searches for the Smart Call Home reporting process.
–Generation of customized reports for Smart Call Home users.
–Device install-base data and their associated contracts.
–Customer device-based troubleshooting tools.
•Cisco Contracts:
Contract information is kept in the Cisco.com profile. A customer can register a device using one of the following types of branded contracts:
–Cisco Branded - Direct: Customer bought product directly from Cisco and contacts Cisco directly if they need support.
–Cisco Branded - CBR (Cisco Branded Reseller): Customer bought product from Cisco reseller and customer contacts Cisco directly if they need support.
–Other types of contracts will become supported in a future release.
•Customer Specific Network Alerts - Smart Call Home supports the following Call Home message types:
–Configuration - Contains image name and feature, running and startup configs, SW features technologies and sub-technologies.
–Environment - Contains information about environmental alarms for the device clock, VTT, power supply and modules. Depending on the type of alert, a notification is sent to the customer and a Service Request is generated.
–GOLD - Contains information about diagnostic tests, what tests were run, their status, and results. Depending on the type of failure, a Service Request is generated.
–Inventory - Contains information about the device, software, modules.
–Test - Contains information that is common to all message types. The content of test messages is not processed by Smart Call Home and hence no specific message processing results will be available for test messages.
–Embedded Event Manager (EEM) - Detects real time events and takes action based on a pre-defined rules policy. EEM has event detectors with which Call Home registers; the registration is dependent upon which alert-groups the EEM profile is configured. The profile can subscribe to alert-groups for the following type events:
•GOLD diagnostic
•Environmental
•Configuration
•Inventory
•Generic Online Diagnostics (GOLD) - Provides a common command-line interface (CLI) for manually generating Smart Call Home messages and scheduling run-time diagnostics.
GOLD can detect faults in hardware and provides the triggers that proactively engage high-availability features and actions, such as the switch-hitter of modules or turning off modules or individual ports. The GOLD test suite also gives support personnel the tools to test the functioning of hardware modules and troubleshoot down to the field-replaceable unit (FRU) level.
•Smart Call Home service- Is a service that captures and processes Call Home diagnostics and inventory alarms that are sent from a device containing the Smart Call Home feature. This service provides proactive messaging that resolves issues before they become problems and for those problems that occur, resolving them faster using enhanced diagnostics
•Smart Call Home Client - A device that sends or forwards IOS Call Home or other supported messages to Smart Call Home using SMTP or HTTPS connections; the messages must be registered with the Smart Call Home system.
•Smart Call Home supported messages - Currently is an AML/XML message, created by a device using the IOS Call Home Feature, that contains Configuration (full), Diagnostics (major & minor), Environmental (major & minor), Inventory (full), Test or System Log information.
•Transport Gateway (TG) - Securely transports Call Home messages from the customer hardware to the Smart Call Home service on the Cisco Backend. A Smart Call Home software client that runs on a device under the Windows 2000, Windows 2003, Windows XP, Solaris or Linux operating systems. The Transport Gateway acts as an intermediary device and is capable of forwarding supported messages collected from Smart Call Home Client devices and sends them to the Smart Call Home System using an HTTPS connection.
CA Root Certificate Update Process
Periodically, Cisco updates security credentials to ensure the continued secure communications to the Smart Call Home back-end. This section applies to those who are using either Transport Gateway or the HTTPS method for communicating to the back-end.
When there is a security credential update from Cisco, instructions will be sent via e-mail to SCH-registered user e-mail addresses that are linked to a valid CCO ID. Instructions for updating security credentials are as follows:
There are two methods for secure communication to the Smart Call Home backend, Transport Gateway (TG) and HTTPS. Both of these options have a certificate update process:
There are two methods for secure communication to the Smart Call Home backend, Transport Gateway (TG) and HTTPS. Both of these options have a certificate update process:
•For Transport Gateway, there are two variations for the certificate update process:
–Linux/Solaris, which uses the certUpgrader_script.zip to update the TG keystore (certificate) file.
–Windows, which uses the certUpgrader_windows.zip to update the TG keystore (certificate) file.
•For the HTTPS method, there are two variations (regardless of platform), IOS devices and Nexus 7000 devices.
–IOS devices use either IOS certificate content from this section of the Smart Call Home User Guide, or use the contents from the Verisign-G3-SSCA.zip file.
–Nexus 7000 devices use either the "chained" certificate content from this section of the Smart Call Home User Guide, or use the combined contents of the certificate files in the Verisign-CA-Certs.tar file.
Transport Gateway Certificate Update Process
There are two Transport Gateway certificate update processes:
•Update the Linux/Solaris Root CA Certificate
•Update the Window's Root CA Certificate
Both of these processes use scripts that update the certificate file on the Transport Gateway.
Update the Linux/Solaris Root CA Certificate
The following information explains how to update the Linux/Solaris Root CA Certificate for Transport Gateway Users. This process instructs you how to download and use the certUpgrader_script.zip file:
•Go to the following URL:
•On the Download Software window, click the Download Now button for the certUpgrader_script.zip file; the Download Cart window appears.
•On the Download Cart window, click Agree; the Select a Download Option area appears.
•In the Select a Download Option area click the Non Java Download option; the Non Java Download area appears.
•Click Download for the certUpgrader_script.zip file; the file is downloaded to your computer.
•On the Transport Gateway device, navigate to the bin directory of the Transport Gateway installation location.
Example: /opt/CSCOSchtg/tg/bin
•Unzip the certUpgrader_script.zip file to the bin directory.
•After unzipping the file, the certUpgrader_script.sh and Verisign-G3-SSCA.cer files will be available in the bin directory.
•Stop the TG service, if it's running.
•Click on the certUpgrader_script.sh batch file to start importing the new root CA cert to the TG Certificate chain.
Note Give permission, if not available, for the certUpgrader_script.sh patch file (i.e. # chmod 777 certUpgrader_script.sh)
•When asked if you want to trust this certificate, enter yes and press ENTER.
•Restart the TG service; now the TG should be able to communicate with the backend servers, which have the new root CA certificate.
Update the Window's Root CA Certificate
The following information is the procedure for how to update the Windows Root CA Certificate for Transport Gateway Users. This process instructs you how to download and use the certUpgrader_windows.zip file:
•Go to the following URL:
http://www.cisco.com/cisco/software/release.html?mdfid=282152778&catid=268439477&softwareid=283490182&release=3.1.1&rellifecycle=&relind=AVAILABLE&reltype=latest
•On the Download Software window, click the Download Now button for the certUpgrader_windows.zip file; the Download Cart window appears.
On the Download Cart window, click Agree; the Select a Download Option area appears.
•In the Select a Download Option area click the Non Java Download option; the Non Java Download area appears.
•Click Download for the certUpgrader_windows.zip file; the file is downloaded to your computer.
•On the Transport Gateway device, navigate to the bin directory of the Transport Gateway installation location.
Example: C:\Program Files\Cisco Systems\Cisco Transport Gateway\Transport Gateway\bin
•Unzip the certUpgrader_windows.zip file to the bin directory.
•After unzipping the file the certUpgrader_windows.bat and Verisign-G3-SSCA.cer files will be available in the bin directory.
•Stop the TG service, if it's running.
•Click on the certUpgrader_windows.bat batch file to start importing the new root CA cert to the TG Certificate chain.
•When asked to enter keystore password: enter Test123% and press ENTER.
•When asked if you want to trust this certificate, enter yes and press ENTER.
•Restart the TG service; now the TG should be able to communicate with the backend servers, which have the new root CA certificate.
HTTPS Certificate Processes (New or Update)
There are two different HTTPS certificate processes:
•HTTPS Certificate Process for All Devices Except Nexus 7000 Devices
•HTTPS Certificate Process for Nexus 7000 Devices
HTTPS Certificate Process for All Devices Except Nexus 7000 Devices
There are two different time frames when you will be using certificate content on your IOS device, when you are:
•Adding the certificate to an IOS device, for the first time; you will perform the steps and use the certificate data identified below in this document.
•When you are updating an expired security certificate on an IOS device, you can use the certificate content contained in the Verisign-G3-SSCA.zip file.
Adding the Certificate to a non-Nexus 7000 Device
For all IOS devices, use this procedure to update the Root CA Certificate for HTTPS Users:
•Identify all trust points.
•Delete the existing Smart Call Home Certificate trust point.
•Create a new trust point.
•Copy the new certificate.
•Save and send test message.
For all IOS devices, use the following specific instructions to install the new certificate:
•If the old trustpoint name is not cisco then replace the text in <angle brackets> with the appropriate trustpoint name, or remove the lines with the blue text if the old trustpoint is needed or does not exist.
•Enter the following commands:
config t
no crypto ca trustpoint <cisco>
yes
crypto ca trustpoint cisco
enroll terminal
exit
crypto ca authenticate cisco
When you are adding the certificate to your IOS device for the first time, use the following certificate content:
IMPORTANT: PLEASE COPY THE CERTIFICATE CONTENT BELOW USING A PLAIN TEXT EDITOR AND PASTE THE CONTENT AS PLAIN TEXT; THIS REMOVES ANY POSSIBLE FORMATTING SYMBOLS, WHICH ALTER THE CERTIFICATE CONTENT.
Note Your copy of the security certificate should include each and every character, including the certificate markers. Remove any blank lines either after or before the certificate markers.
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCByjELMA kGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIE ZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1 YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTAwMjA4MD AwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEz JUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEv MC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA 0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rC rFbG5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0 MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3 nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzT U2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrzPPpt f4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB2zA0BggrBgEFBQcBAQQoMCYwJA YIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTASBgNVHRMBAf8ECDAGAQH/ AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly 93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJp c2lnbi5jb20vcnBhMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY2 9tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFi NodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0wGzEZ MBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+HSCrJfQBY9 i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQAD ggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfBWJ11bOAdG0z60cEtBcDqbr IicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6bezQGH1JSsqZxxkoor7YdyT3hSaG bYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majpdirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUO yvzv9iNw2tZdMGQVPtAhTItVgooazgW+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49n JOhhGbXdzbULJgWOw27EyHW4Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=
-----END CERTIFICATE-----
quit
yes
end
write mem
call-home send alert-group inventory profile CiscoTAC-1
Downloading a New Certificate for an IOS Device
If you need the new CA Root certificate file it can be downloaded perform the following steps:
•Go to the following URL:
•On the Download Software window, click the Download Now button for the Verisign-G3-SSCA.zip file
•Unzip the file and use the data contained in the certificate file.
HTTPS Certificate Process for Nexus 7000 Devices
There are two different time frames when you will be using HTTPS certificate content on your Nexus 7000 device, when you are:
•Adding the certificate to a Nexus 7000 device, for the first time; you will perform the steps and use the certificate data identified below in this document.
•When you are updating an expired security certificate on a Nexus 7000 device, you will use the script files and certificate data contained in the Verisign-CAs-Certs.tar file.
Adding the Certificate to a Nexus 7000 Device
For Nexus 7000 devices, use the following instructions to install a security root certificates chain:
•Copy the root certificates chain below.
•Configure a trust-point and prepare to enroll the certificate via the terminal using copy and paste when prompted.
NX-7000(config)#crypto ca trustpoint cisco
NX-7000(config-trustpoint)#enroll terminal
NX-7000(config-trustpoint)#crypto ca authenticate cisco
Input (cut & paste) the CA certificate (chain) in PEM format.
IMPORTANT: PLEASE COPY THE CERTIFICATE CONTENT BELOW USING A PLAIN TEXT EDITOR AND PASTE THE CONTENT AS PLAIN TEXT; THIS REMOVES ANY POSSIBLE FORMATTING SYMBOLS, WHICH ALTER THE CERTIFICATE CONTENT.
Note Your copy of the security certificate should include each and every character, including the certificate markers. Remove any blank lines either after or before the certificate markers.
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBh MCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1Ymxp YyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDT I4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu MTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG 9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69q RUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0j nvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUu gWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki 98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJ XNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGNDCCBRygAwIBAgIQWrQ6b86cjzk7c3BoO7KqETANBgkqhkiG9w0BAQUFADCBtTELMA kGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln biBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3 cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBT ZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTAxMjEyMDAwMDAwWhcNMTExMjEyMjM1OTU5Wj B5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxQIU2FuIEpv c2UxFjAUBgNVBAoUDUNpc2NvIFN5c3RlbXMxEDAOBgNVBAsUB0FUUy1BV1MxGDAWBgNVBA MUD3Rvb2xzLmNpc2NvLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzouIOWzv djJlWDPYk55kyhbnxxYv6S1eZ0blZ09XdipLrf+YluZ8++ux3Ld6lr6QnVdI1/AYYA2K5F 4+2D+ZJUwLnaQW1QYIzbmeVhbdcAa7IwuR+P8eMUaetOUAdC641QvMXtpZQ5I0WdTS2IV/ O7A3H1V3QInS2+0xnnehTT8CAwEAAaOCAv0wggL5MIIBKAYDVR0RBIIBHzCCARuCD3Rvb2 xzLmNpc2NvLmNvbYIOYXBwcy5jaXNjby5jb22CEHRvb2xzMS5jaXNjby5jb22CEHRvb2xz Mi5jaXNjby5jb22CEHRvb2xzOS5jaXNjby5jb22CFHRvb2xzLXdhczUuY2lzY28uY29tgh R0b29scy13YXM2LmNpc2NvLmNvbYIUdG9vbHMtd2FzNy5jaXNjby5jb22CFXRvb2xzLXRl c3QzLmNpc2NvLmNvbYIVdG9vbHMtdGVzdDQuY2lzY28uY29tghp0b29scy10ZXN0MS13YX M3LmNpc2NvLmNvbYIadG9vbHMyLXRlc3Qtd2FzNi5jaXNjby5jb22CGnRvb2xzMi10ZXN0 LXdhczcuY2lzY28uY29tMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEUGA1UdHwQ+MDwwOq A4oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVH My5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwcz ovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD AjAfBgNVHSMEGDAWgBQNRFwWU0TBgn4dIKsl9AFj2L55pTB2BggrBgEFBQcBAQRqMGgwJA YIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0 cDovL1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjBuBg grBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7ko lgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS 5naWYwDQYJKoZIhvcNAQEFBQADggEBAIskILQZDB7FjTQoqyu3LlSLF1yl+6bdhgXOJFmC 9Zdl2g/91hHpKVs3CYPhGcTef8ehVwa3CN4Iuvatvpbf+u1/xayQ8kppjQ3G2Akv9QofB9 dbMmnd6r0KmcLNy7Bxn6L96Fu2XbAzoHQRYrLIMr4F4A+A1yDSjKO6DbIQQzT8vFHtboI0 HjoVGrKEH5+KqB1RGYwfJDUjdfQoifFHW78Ax/NbeUd8i4/HMbM3zT3TW8oGlrUJaFiFMJ wDTUspBzYYKPvDOcl+uRFSeeoOJsB3L6U2ckvqQOzSJ4vZ/Jh6B0UBpbjgL3Tm8PraGikU CCFlA7a9V0JX0dgLdRpWgUI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBfMQswCQ YDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMg UHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMD AwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWdu LCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYy kgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYD VQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQX V0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o 9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP 6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/Ar r0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+ R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjggGbMIIBlz APBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNp Z24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKj AoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQU f9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2 UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xv Z28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBz ABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsG AQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQ UAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDD PLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW/ 9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCByjELMA kGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIE ZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1 YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTAwMjA4MD AwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEz JUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEv MC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA 0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rC rFbG5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8f0 MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDKtpo9yus3 nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAboGLSa6Dxugf3kzT U2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RVM5l/JJs/U0V/hhrzPPpt f4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB2zA0BggrBgEFBQcBAQQoMCYwJA YIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTASBgNVHRMBAf8ECDAGAQH/ AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly 93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJp c2lnbi5jb20vcnBhMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY2 9tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkw VzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFi NodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0wGzEZ MBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+HSCrJfQBY9 i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQAD ggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfBWJ11bOAdG0z60cEtBcDqbr IicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6bezQGH1JSsqZxxkoor7YdyT3hSaG bYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majpdirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUO yvzv9iNw2tZdMGQVPtAhTItVgooazgW+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49n JOhhGbXdzbULJgWOw27EyHW4Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=
-----END CERTIFICATE-----
On the next line following the certificate content, end the input by entering END OF INPUT:
Hit Enter, a prompt appears asking "Do you accept this certificate? [yes/no]:"; enter yes
Exit configuration mode and save the configuration -
NX-7000(config)#end
NX-7000#copy running-config startup-config
Downloading a New Certificate for a Nexus 7000 Device
If you need the new certificate files that comprise the CA Root certificate, perform the following steps:
Go to the following URL:
On the Download Software window, click the Download Now button for the Verisign-CAs-Certs.tar file
Gunzip the Verisign-CAs-Certs.tar file to the directory of your choice.
Additional Information
For more information on the SSL certificate, see the information at the following URL:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD146
For technical support, please contact Cisco Smart Services Bureau (SSB) via:
Email: ask-smart-services@cisco.com <mailto:ask-smart-services@cisco.com>
Telephone:
From the rest of the world, choose the appropriate phone number from http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html