Cisco Unified MeetingPlace, Release 7.0 -- How to Back Up and Restore the SSL Private Key

From DocWiki

(Difference between revisions)
Jump to: navigation, search
m (1 revision)
(Copying and Saving the Private Key for Future Use)
 
(9 intermediate revisions not shown)
Line 1: Line 1:
 +
{{Template:Required Metadata}}
'''Main page:'''  [[Cisco Unified MeetingPlace, Release 7.0]]
'''Main page:'''  [[Cisco Unified MeetingPlace, Release 7.0]]
Line 12: Line 13:
== Exporting the Private Key ==
== Exporting the Private Key ==
 +
This procedure describes how to export the private key/certificate pair on the Web Server so that you can manually copy the SSL files in case you need to restore SSL on the Web Server.
This procedure describes how to export the private key/certificate pair on the Web Server so that you can manually copy the SSL files in case you need to restore SSL on the Web Server.
-
===== Procedure =====
+
==== Procedure ====
 +
 
# Open the Internet Services Manager on the Cisco Unified MeetingPlace Web Server.  
# Open the Internet Services Manager on the Cisco Unified MeetingPlace Web Server.  
-
#: Click '''Start > Programs > Administrative Tools > Internet Information Services Manager'''.
+
#: Select '''Start > Programs > Administrative Tools > Internet Information Services Manager'''.
# Navigate to Default Web Site.  
# Navigate to Default Web Site.  
-
#: Click the '''+''' sign beside Local Server > Web Sites to open the appropriate directory trees.
+
#: Select the '''+''' sign beside Local Server > Web Sites to open the appropriate directory trees.
# Right-click '''Default''' '''Web Site'''.  
# Right-click '''Default''' '''Web Site'''.  
# Select '''Properties'''.  
# Select '''Properties'''.  
#: The Default Web Site Properties window displays.
#: The Default Web Site Properties window displays.
-
# Click the '''Directory Security''' tab.  
+
# Select the '''Directory Security''' tab.  
-
# Click '''Server Certificate'''.  
+
# Select '''Server Certificate'''.  
#: The Web Server Certificate wizard displays.
#: The Web Server Certificate wizard displays.
-
# Click '''Next'''.  
+
# Select '''Next'''.  
# Select '''Export the current certificate to a pfx file'''.  
# Select '''Export the current certificate to a pfx file'''.  
-
# Click '''Next'''.  
+
# Select '''Next'''.  
-
# Click '''Browse''' and select to save the certificate file to your desktop.  
+
# Select '''Browse''' and select to save the certificate file to your desktop.  
-
# Click '''Next'''.  
+
# Select '''Next'''.  
# Enter a password to encrypt the certificate.  
# Enter a password to encrypt the certificate.  
# Enter the password again to confirm it.  
# Enter the password again to confirm it.  
-
# Click '''Next'''.  
+
# Select '''Next'''.  
#: The Export Certificate Summary Screen displays and the exported certificate file is now on your desktop.
#: The Export Certificate Summary Screen displays and the exported certificate file is now on your desktop.
-
# Click '''Next'''.  
+
# Select '''Next'''.  
-
# Click '''Finish''' to close the Web Server Certificate wizard.  
+
# Select '''Finish''' to close the Web Server Certificate wizard.  
-
# Click '''OK''' or '''Cancel''' to close the Default Web Site Properties window.  
+
# Select '''OK''' or '''Cancel''' to close the Default Web Site Properties window.  
# Close IIS Manager.  
# Close IIS Manager.  
Line 46: Line 49:
Proceed to [[Cisco Unified MeetingPlace, Release 7.0 -- How to Back Up and Restore the SSL Private Key#Copying and Saving the Private Key for Future Use|Copying and Saving the Private Key for Future Use]].
Proceed to [[Cisco Unified MeetingPlace, Release 7.0 -- How to Back Up and Restore the SSL Private Key#Copying and Saving the Private Key for Future Use|Copying and Saving the Private Key for Future Use]].
-
 
-
 
== Copying and Saving the Private Key for Future Use ==
== Copying and Saving the Private Key for Future Use ==
Line 62: Line 63:
# Open a DOS prompt.  
# Open a DOS prompt.  
-
## Click '''Start > Run'''.  
+
## Select '''Start > Run'''.  
## Enter '''cmd'''.  
## Enter '''cmd'''.  
# Enter the path to your desktop in the cmd.exe window.  
# Enter the path to your desktop in the cmd.exe window.  
Line 73: Line 74:
# Enter the import password when prompted.   
# Enter the import password when prompted.   
#: This is the password you defined in the Web Server Certificate wizard during the export process.
#: This is the password you defined in the Web Server Certificate wizard during the export process.
-
# Save the PEM file. You will need it whenever you need to reapply the certificate.  
+
# Save the PEM file. You will need it whenever you need to reapply the certificate.
 +
=== Backing Up the Breeze Certificate ===
 +
===== Procedure =====
 +
# Open a DOS prompt.
 +
# Enter the following command: '''Copy c:\Program Files\Cisco Systems\MPWeb\WebConf\comserv\win32\conf\_defaultRoot_\cert.pem file to''' ''backup path''.
 +
 +
 +
=== About Restoring Breeze and Home Page Certificates ===
 +
 +
See the [[Cisco_Unified_MeetingPlace,_Release_7.0_--_How_to_Configure_Secure_Sockets_Layer#Applying_the_SSL_Certificate|Applying the SSL Certificate]] section for more information on restoring Breeze and home page certificates.
== Importing the Private Key in to the MPWEB Database ==
== Importing the Private Key in to the MPWEB Database ==
Line 85: Line 95:
-
Complete [[Cisco Unified MeetingPlace, Release 7.0 -- How to Back Up and Restore the SSL Private Key#Copying and Saving the Private Key for Future Use|Copying and Saving the Private Key for Future Use]].
+
* Complete [[Cisco Unified MeetingPlace, Release 7.0 -- How to Back Up and Restore the SSL Private Key#Copying and Saving the Private Key for Future Use|Copying and Saving the Private Key for Future Use]].
 +
* Back up the complete database before performing this procedure.
===== Procedure =====
===== Procedure =====
-
# Open SQL Server Enterprise Manager.  
+
# Open the SQL Query Analyzer.  
-
#: Click '''Start > All Programs > Microsoft SQL Server > Enterprise Manager'''.
+
# Select '''Start > All Programs > Microsoft SQL Server > Query Analyzer'''.
-
# Navigate to the MPWEB database.  
+
# Log in with your SQL username, ”sa,” and password (which you set during the installation of MPWeb).
-
#: Click the''' + '''sign next to SQL Server Group > LOCAL > Databases > MPWEB to open the appropriate directory trees.
+
# Type in the following commands:
-
# Click '''Tables''' in the MPWEB directory.
+
#:* '''use mpweb'''
-
#: A list of tables opens in the right pane.
+
#:* '''update web'''  
-
# Right-click '''Web''' in the right pane.
+
#:* '''set sslprivatekey='Your private key' '''  
-
# Select '''Open table > Return all rows'''.
+
# Your private key begins with “BEGIN RSA PRIVATE KEY” and ends with “END RSA PRIVATE KEY”. Copy your private key and paste it between the quotes. You can find your Private key in your PEM file that you saved when you copied and saved the private key for future use.  
-
#: The Web database table displays.
+
#: '''Note''': Make sure you include the quotation marks.
-
# Scroll to the right until you see the SSLPrivateKey column.  
+
# Select the green arrow to Execute Query.  
-
# Open the PEM file in Notepad.
+
# Determine if your Private Key insertion was successful by entering the following commands in the Query Analyzer window:
-
#: You saved the PEM file when you copied and saved the private key for future use.
+
#:* '''use mpweb'''
-
# Copy the private key in its entirety.  
+
#:* '''select sslprivatekey from web'''
-
#: The private key begins with "Begin RSA Private key" and ends with "end RSA private key".
+
# Select the green arrow to Execute Query and your private key appears the following window.
-
# Paste the private key into the SSLPrivateKey field.  
+
-
## Click the field before the SSLPrivateKey column.  
+
-
## Press the Tab key on your keyboard to select all of the data in the SSLPrivateKey field.
+
-
## Right-click and select '''Paste''' to paste the value you copied from Notepad.
+
-
# Click somewhere else on the screen to remove your cursor from the SSLPrivateKey field.
+
-
# Close SQL Server Enterprise Manager.
+
-
# (Optional) Enable SSL if it is not already enabled.
+
-
# Reboot the server.  
+
Line 119: Line 122:
 +
=== About Home Page and Web Conf SSL certificates ===
 +
 +
When you import the private key using SQL query Analyzer enable SSL by performing the procedure described in the [[Cisco Unified MeetingPlace, Release 7.0 -- How to Configure Secure Sockets Layer#Enabling SSL|Enabling SSL]] section.
 +
 +
===== Procedure =====
 +
 +
# Change the web server hostname from an IP Address to a hostname.
 +
# Apply the SSL certificate.
 +
# Enable SSL.
[[Category: Configuring Cisco Unified MeetingPlace, Release 7.0]]
[[Category: Configuring Cisco Unified MeetingPlace, Release 7.0]]

Latest revision as of 23:38, 15 February 2012

Main page: Cisco Unified MeetingPlace, Release 7.0

Up one level: Configuration




This section describes how to export and subsequently reimport the SSL private key into the MPWEB database. We recommend that you make this part of your standard backup procedure. You will need to complete these procedures any time you need to move the SSL certificate, for example, from an old Web Server computer to a new Web Server computer or when you are rebuilding a computer.


Contents

Exporting the Private Key

This procedure describes how to export the private key/certificate pair on the Web Server so that you can manually copy the SSL files in case you need to restore SSL on the Web Server.


Procedure

  1. Open the Internet Services Manager on the Cisco Unified MeetingPlace Web Server.
    Select Start > Programs > Administrative Tools > Internet Information Services Manager.
  2. Navigate to Default Web Site.
    Select the + sign beside Local Server > Web Sites to open the appropriate directory trees.
  3. Right-click Default Web Site.
  4. Select Properties.
    The Default Web Site Properties window displays.
  5. Select the Directory Security tab.
  6. Select Server Certificate.
    The Web Server Certificate wizard displays.
  7. Select Next.
  8. Select Export the current certificate to a pfx file.
  9. Select Next.
  10. Select Browse and select to save the certificate file to your desktop.
  11. Select Next.
  12. Enter a password to encrypt the certificate.
  13. Enter the password again to confirm it.
  14. Select Next.
    The Export Certificate Summary Screen displays and the exported certificate file is now on your desktop.
  15. Select Next.
  16. Select Finish to close the Web Server Certificate wizard.
  17. Select OK or Cancel to close the Default Web Site Properties window.
  18. Close IIS Manager.


What to Do Next

Proceed to Copying and Saving the Private Key for Future Use.

Copying and Saving the Private Key for Future Use

We recommend that you complete this procedure as part of your standard backup procedure on the Web Server.


Before You Begin

Complete Exporting the Private Key.


Procedure
  1. Open a DOS prompt.
    1. Select Start > Run.
    2. Enter cmd.
  2. Enter the path to your desktop in the cmd.exe window.
    Example: C:\> cd "Documents and Settings\Administrator\Desktop"
  3. Enter the full path to OpenSSL.exe keeping the following in mind:
    • After -in, enter the full path to where you placed the file when you exported the private key.
    • After -out, enter the full path to where you want to send the exported file.
      Example:C:\Documents and Settings\Administrator\Desktop>"\Program Files\Cisco Systems\MPWeb\DataSvc\openssl.exe" pkcs12 -in "\Documents and Settings\Administrator\Desktop\mycertificate.pfx" -out "\Documents and Settings\Administrator\Desktop\mycertificate.pem" -nodes
    This converts the PFX format to a PEM format. The mycertificate.pem file will have all the certificates starting with the Private key.
  4. Enter the import password when prompted.
    This is the password you defined in the Web Server Certificate wizard during the export process.
  5. Save the PEM file. You will need it whenever you need to reapply the certificate.


Backing Up the Breeze Certificate

Procedure
  1. Open a DOS prompt.
  2. Enter the following command: Copy c:\Program Files\Cisco Systems\MPWeb\WebConf\comserv\win32\conf\_defaultRoot_\cert.pem file to backup path.


About Restoring Breeze and Home Page Certificates

See the Applying the SSL Certificate section for more information on restoring Breeze and home page certificates.

Importing the Private Key in to the MPWEB Database

Before You Begin


Procedure
  1. Open the SQL Query Analyzer.
  2. Select Start > All Programs > Microsoft SQL Server > Query Analyzer.
  3. Log in with your SQL username, ”sa,” and password (which you set during the installation of MPWeb).
  4. Type in the following commands:
    • use mpweb
    • update web
    • set sslprivatekey='Your private key'
  5. Your private key begins with “BEGIN RSA PRIVATE KEY” and ends with “END RSA PRIVATE KEY”. Copy your private key and paste it between the quotes. You can find your Private key in your PEM file that you saved when you copied and saved the private key for future use.
    Note: Make sure you include the quotation marks.
  6. Select the green arrow to Execute Query.
  7. Determine if your Private Key insertion was successful by entering the following commands in the Query Analyzer window:
    • use mpweb
    • select sslprivatekey from web
  8. Select the green arrow to Execute Query and your private key appears the following window.


Related Topics


About Home Page and Web Conf SSL certificates

When you import the private key using SQL query Analyzer enable SSL by performing the procedure described in the Enabling SSL section.

Procedure
  1. Change the web server hostname from an IP Address to a hostname.
  2. Apply the SSL certificate.
  3. Enable SSL.

Rating: 5.0/5 (1 vote cast)

Personal tools