|
|
The following sections describe general topics related to administering your CTE:
You perform all CTE administration and configuration tasks on a PC that is directly connected to the CTE serial port. The CTE has a browser-based graphical interface, the Administration Tool; it also has a command-line interface, the serial console, described in the "Using the Serial Console" section.
The Administration Tool contains the full set of network and operation configuration commands. The serial console contains all network configuration commands, the ping command, and the commands you use to create user accounts for additional administrators.
We recommend that you perform the first-time setup using the serial console, as described in the CTE Quick Start Guide. Use the Administration Tool to perform subsequent configuration.
To open the Administration Tool, perform these steps:
Step 2 From a web browser, connect to the CTE by entering the URL:
Step 3 If a Security Alert dialog box appears, click Yes.
The Main administration screen appears.
Step 4 Click the tab for the area you want to update.
The Administration Tool login dialog appears.
Step 5 Enter your administrative username and password.
Unless you have an administrative account already set up as described in "Managing Administrative User Accounts" section, enter root in the User Name field and enter the password you specified when you first logged in to the CTE.
The serial console contains all network configuration commands, the ping command, and the commands you use to create user accounts for additional administrators.
The following functions are available through the serial console only:
To open the serial console, perform these steps:
Step 2 Make sure that the CTE is running.
Step 3 Start a terminal emulation application and open a TCP/IP connection to the CTE using its IP address and administration port number (usually 9001).
If the serial console does not open, check the settings in the terminal emulation application. Set the serial connection to 9600 bits per second, 8 data bits, no parity, and 1 stop bit.
Step 4 Enter your user name and password when prompted.
A CTE software upgrade may be provided to you on CD-ROM or made available for website download. For information on obtaining product upgrades, refer to the CTE Series and Design Studio Release Notes.
If you are not sure which version of the CTE software you are using, you can display the version through the Administration Tool.
To display the version of your installed CTE, perform this step:
To upgrade your CTE from a CD-ROM, perform these steps:
 |
Note When you upload a server upgrade, the CTE drops the active sessions, so it is best to upgrade the server when you know that traffic is at a minimum. |
Step 2 Insert the CTE Restore CD into the CD-ROM drive of the CTE.
Step 3 Power down the CTE.
Step 4 Wait a few seconds.
Step 5 Power on the CTE.
Step 6 The serial console displays the following messages during the upgrade.
Step 7 When the upgrade is complete, eject the Restore CD and reboot the CTE.
When the CTE restarts, the CTE serial console appears.
Step 8 Use the CTE Serial Console to enter the network and DNS parameters.
To upgrade your CTE from a file, perform these steps:
Step 2 Across from Upload Server Upgrade, click the Browse button.
Step 3 Locate the file you want to upload and click Open.
Step 4 Click Submit to upload the file to the CTE.
The CTE restarts automatically.
Step 5 If you downloaded a full upgrade (rather than a partial upgrade), you will need to reconfigure the CTE network and DNS parameters from the CTE console.
For information about upgrading your CTE from Cisco.com, refer to the CTE and Design Studio Release Notes.
The CTE accepts a Privacy Enhanced Mail (PEM) format certificate file. PEM is a text format that is the Base-64 encoding of the Distinguished Encoding Rules (DER) binary format. The PEM format specifies the use of text BEGIN and END lines that indicate the type of content that is being encoded.
Before you can upload a certificate to the CTE, you will need to generate a Certificate Signing Request (CSR) and private key. We recommend using Linux OpenSSL to administer any certificate tasks. If Linux is not available, we recommend the Cygwin UNIX environment for Windows, which includes an OpenSSL module. Instructions for downloading, installing, and using the Cygwin UNIX environment to generate a CSR are included in this section.
If you are familiar with certificate manipulation, you can use other tools to create a PEM-formatted file. The certificate that you upload to the CTE must have the following characteristics:
The following sections describe how to perform the tasks associated with generating a CSR:
If you are unfamiliar with generating a CSR, review this section for background information.
The general process for generating a CSR and handling the signed certificate is as follows:
1. Generate a CSR (public.csr) and private key (private.key) as described in the "Generating a CSR" section.
2. Send the public.csr file to an authorized certificate provider.
3. If you used a tool other than the Cygwin UNIX environment to generate the CSR, check the format of the private key. If it is in DER format or is encrypted, convert it to PEM format as described in the "Unencrypting the Private Key" section.
4. When you receive the signed certificate file from your SSL certification company, check the file format. If it is in binary DER format, convert it to PEM format as described in the "Converting to a PEM-Formatted Certificate" section.
5. Combine the PEM-formatted signed certificate with the PEM-formatted private key (private.key) as described in the "Combining the Private Key with the Signed Certificate" section.
6. If your certificate has more than one level, handle the intermediate certificates as described in the "Generating Trusted Certificates for Multiple Levels" section.
7. Upload the certificate to the CTE as described in the "Uploading a Certificate to the CTE" section.
If Linux OpenSSL is not available, install the Cygwin UNIX environment for Windows. When you install Cygwin, you must choose the OpenSSL modules as described in the following steps.
To install Cygwin, perform these steps:
Step 2 Follow the on-screen instructions to open the setup installer.
Step 3 In the Cygwin Setup dialog box, click Next.
Step 4 Click Install from Internet and then click Next.
Step 5 Accept the default root installation directory settings and then click Next.
Step 6 Accept the default local package directory setting and then click Next.
Step 7 In the Internet Connection screen, click Use IE5 Settings and then click Next.
Step 8 In the list of Available Download Sites, click ftp://ftp.nas.nasa.gov and then click Next.
Step 9 In the Select Packages screen, click the View button (upper-right corner).
Step 10 Scroll the packages list to locate in the Package column openssl: The OpenSSL runtime environment and openssl-devel: The OpenSSL development environment.
Step 11 In the New column for those two entries, click Skip.
The current version number of Cygwin appears.
Step 12 Click Next to start the installation.
After Cygwin installs, you can generate the CSR.
These instructions to generate a CSR assume that you are using the Cygwin UNIX environment installed as described in the "Installing the Cygwin UNIX Environment for Windows" section.
To generate a CSR using the Cygwin UNIX environment, perform these steps:
A command window opens with a UNIX bash environment.
Step 2 To change to a particular drive, use the command: cd driveLetter:
Step 3 At the $ prompt, type the following to generate a CSR:
Status messages about the private key generation appear. You will be prompted for information such as country name.
Step 4 When prompted for the Common name, enter the DNS name of the CTE.
The name that you enter will appear in the certificate and must match the name expected by PCs that connect to the CTE. If you alias DNS names, you will need to use the alias name instead.
Step 5 Submit your CSR (public.csr) to an authorized certificate provider such as Verisign.
The certificate provider will return a Signed Certificate to you by e-mail within several days.
The following procedure is not needed if you use the Cygwin UNIX environment to generate the CSR and private key. Follow this procedure only if the method you use to generate the private key results in an encrypted key.
To unencrypt the private key, perform these steps:
A command window opens with a UNIX bash environment.
Step 2 To change to a particular drive, use the command: cd driveLetter:
Step 3 At the $ prompt enter the command: openssl rsa
If you enter this command without arguments, you will be prompted as follows:
Step 4 Enter the name of the password to be encrypted.
You can enter the openssl rsa command with arguments if you know the name of the private key and the unencrypted PEM file.
For example, if the private key filename is my_keytag_key.pvk, and the unencrypted filename is keyout.pem, you would enter openssl rsa -in my_keytag_key.pvk -out keyout.pem.
For more information, go to the following URL:
http://www.openssl.org/docs/apps/rsa.html#EXAMPLES
For information on downloading OpenSSL for Windows, go to the following URL:
http://sourceforge.net/project/showfiles.php?group_id=23617&release_id=48801
When you receive the signed certificate file from your certificate provider, check the file format. If it is in binary DER format, convert it to PEM format.
To convert a certificate to PEM format, perform these steps:
A command window opens with a UNIX bash environment.
Step 2 To change to a particular drive, use the command: cd driveLetter:
Step 3 At the $ prompt enter the command:
You must combine the signed certificate with the private key before you can upload it to the CTE.
To combine the private key with the signed certificate, perform these steps:
The file contents should look similar to the following:
Step 2 Save and name the PEM file. For example, CTE.pem.
 |
Caution Any certificate that has more than one level must include all intermediate certificates, or the system may become unusable. |
You must determine whether your certificate has more than one level and, if it does, handle the intermediate certificates properly.
To generate trusted certificates for multiple levels, perform these steps:
Step 2 Open Internet Explorer, and access a page through the CTE. For example, enter a URL similar to the following:
https://ipAddress:httpPort//www.mypage.com
Step 3 Double-click the Lock symbol in the bottom right corner of the browser.
Step 4 Switch to the Certificate Path window pane at the top of the screen.
Step 5 Double-click the first path level to bring up the Certificate information for the first level and then go to the Details screen.
Step 6 Click the Copy to File button at the bottom.
Step 7 After the Certificate Export Wizard appears, click Next.
Step 8 Click the format Base-64 encoded and then click Next.
Step 9 Enter a filename. For example, G:\tmp\root.cer.
Step 10 Review the information and note the complete filename. Click Finish.
Step 11 Click OK to close the Certificate information window for the first level.
Step 12 Repeat Steps 5-11 for all levels except the last level.
Step 13 Insert all certificates into one file, and make sure that any intermediate certificates are part of any certificate file you upload.
The file to be uploaded should be in the following format:
private key
Server Certificate
Intermediate Certificate 0
Intermediate Certificate 1
Intermediate Certificate 2
After you have completed the steps to obtain and assemble a properly formatted, signed certificate and private key, you can upload it to the CTE.
To upload a certificate file, perform these steps:
Step 2 Click the certificate Browse button.
Step 3 Locate the file you want to upload and click Open.
Step 4 Click Submit to upload the file.
Step 5 After the upload is complete, click Network and then Interfaces.
Step 6 Set Interface 0 Masquerade Host to the DNS name for which the certificate was registered.
For general information on licensing, refer to the "Licensing" section.
If you do not have a valid license for a particular device, a device user who attempts to proxy web content through the CTE will receive the following message: "Please check with your administrator to verify that the CTE has licenses for your device."
The CTE log file also displays the following messages:
To prevent such messages, you must purchase the corresponding module(s), request a license file, and then upload the license to the CTE.
To obtain a license for a purchased module, perform the following steps:
Company Name:
Customer Contact:
Contact E-mail:
Original SO#:
Host ID:
Modules Purchased:
Step 2 On the administrative PC where you run the CTE Administration Tool, create a C:\CTELicense directory (unless it already exists).
Step 3 Copy the license file (.lic) that you received through e-mail to the C:\CTELicense directory.
Do not overwrite any .lic files in the license directory. If another file in that directory has the same name, you must rename the newly received file before installing it. The CTE software calculates your licensed features based on all .lic files in the license directory.
Do not edit a .lic file or the CTE software will ignore any features associated with that license file. The contents of the file are encrypted and must remain intact. Should you copy, rename, or insert a license file multiple times, the CTE will use only the original file and will ignore any duplicate files.
You can now upload the license.
For more information on licensing, refer to the following URL:
http://www.cisco.com/en/US/partner/products/hw/contnetw/ps797/products_field_notice09186a008014bb68.shtml
To upload a license file, perform these steps:
Step 2 Click the Browse button and locate the .lic file you want to upload.
License files should be stored on the administrative PC where you run the CTE Administration Tool, in a directory named C:\CTELicense.
Step 3 Click Open.
Step 4 Click Submit to upload the license file.
When you purchase modules, you will need to know the host ID of the CTE for which you are purchasing modules.
The CTE includes a Design Studio installer and all CTE and Design Studio documentation. From the Main administration screen, you can download the installer and documentation without logging in to the Administration Tool. You can either download the Design Studio installer from the CTE and forward it to the Design Studio users, or you can point Design Studio users to the following information.
To download from the CTE, perform these steps:
Step 2 Specify where you want to save the files and click Open.
Refer to the CTE Series and Design Studio Release Notes for information on upgrading Design Studio.
To change the system date and time, perform these steps:
The Advanced > Date screen appears.
Step 2 Enter a new date and time and then click Update Time.
The following sections describe how to manage administrative user accounts:
The first time that you start the CTE, you must log in as root and create a password for the root account. You can create and manage additional administrative accounts through the CTE serial console.
To add and delete administrative user accounts, perform these steps:
Step 2 Log in to the serial console using the root username and password.
Step 3 When the Main Menu appears, type 2 (Manage Administrative Users) and press Enter.
Step 4 Follow the on-screen prompts to manage administrative user accounts.
|
Note In order to reset the administrative password to its default, you must reinstall the CTE server software. |
To change an administrator password, perform these steps:
Step 2 Log in to the serial console using the username whose password you want to change.
Step 3 When the Main Menu appears, type 2 (Manage Administrative Users) and press Enter.
Step 4 Follow the on-screen prompts to change a password.
When the CTE system log file is full, the CTE can e-mail the log to an administrator. To enable this feature, you specify an administrator's e-mail and mail server addresses.
To specify administrator e-mail settings, perform these steps:
Step 2 In Administrator Email-To Address, enter the e-mail address of the administrator to receive system logs.
Step 3 In Administrator Email-From Address, enter the address that is to appear as the originating and reply-to address on e-mails sent to the administrator.
Step 4 Enter the administrator's mail server address.
Step 5 Click Submit.
Design Studio user accounts are set up through the Administration > Users screen. You can also use that screen to delete Design Studio users and to change user passwords.
To add a Design Studio user account, perform these steps:
Step 2 Type a username and password.
Usernames must be must be at least 6 characters. Passwords must be at least 8 characters.
Step 3 Click Add User.
To add a Design Studio user account, perform these steps:
Step 2 Click the checkbox beside the username you want to delete.
Step 3 Click Delete User.
To change a Design Studio user password, perform these steps:
Step 2 Click the checkbox beside the username whose password you want to change.
Step 3 Enter a new password.
Step 4 Click Reset Password.
Posted: Mon Aug 18 15:34:40 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.