cc/td/doc/product/webscale/cte1400/rel_3
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Administering the CTE
Using the Administration Tool
Using the Serial Console
Upgrading the CTE Software
Generating a Secure Certificate for the CTE
Managing Licenses
Downloading a Design Studio Installer and Product Documentation
Changing the System Date and Time
Managing Administrative User Accounts
Managing Design Studio User Accounts

Administering the CTE


The following sections describe general topics related to administering your CTE:

Using the Administration Tool

You perform all CTE administration and configuration tasks on a PC that is directly connected to the CTE serial port. The CTE has a browser-based graphical interface, the Administration Tool; it also has a command-line interface, the serial console, described in the "Using the Serial Console" section.

The Administration Tool contains the full set of network and operation configuration commands. The serial console contains all network configuration commands, the ping command, and the commands you use to create user accounts for additional administrators.

We recommend that you perform the first-time setup using the serial console, as described in the CTE Quick Start Guide. Use the Administration Tool to perform subsequent configuration.

To open the Administration Tool, perform these steps:


Step 1   Make sure that the CTE is running.

Step 2   From a web browser, connect to the CTE by entering the URL:

https://ipAddress:adminPort

where:

Step 3   If a Security Alert dialog box appears, click Yes.

The Main administration screen appears.

Step 4   Click the tab for the area you want to update.

The Administration Tool login dialog appears.

Step 5   Enter your administrative username and password.

Unless you have an administrative account already set up as described in "Managing Administrative User Accounts" section, enter root in the User Name field and enter the password you specified when you first logged in to the CTE.




Note   When working with the Administration Tool, click Submit to save changes. If a Restart Server button appears after you submit a change, click the button before making more changes.

To view information about a setting, hold the mouse over the setting and view the information area at the bottom of the screen.

Using the Serial Console

The serial console contains all network configuration commands, the ping command, and the commands you use to create user accounts for additional administrators.

The following functions are available through the serial console only:

To open the serial console, perform these steps:


Step 1   Connect a PC to the CTE serial port.

Step 2   Make sure that the CTE is running.

Step 3   Start a terminal emulation application and open a TCP/IP connection to the CTE using its IP address and administration port number (usually 9001).

If the serial console does not open, check the settings in the terminal emulation application. Set the serial connection to 9600 bits per second, 8 data bits, no parity, and 1 stop bit.

Step 4   Enter your user name and password when prompted.



Upgrading the CTE Software

A CTE software upgrade may be provided to you on CD-ROM or made available for website download. For information on obtaining product upgrades, refer to the CTE Series and Design Studio Release Notes.

If you are not sure which version of the CTE software you are using, you can display the version through the Administration Tool.

To display the version of your installed CTE, perform this step:

To upgrade your CTE from a CD-ROM, perform these steps:


Note    When you upload a server upgrade, the CTE drops the active sessions, so it is best to upgrade the server when you know that traffic is at a minimum.


Step 1   Connect a PC to the serial console port of the CTE.

Step 2   Insert the CTE Restore CD into the CD-ROM drive of the CTE.

Step 3   Power down the CTE.

Step 4   Wait a few seconds.

Step 5   Power on the CTE.

Step 6   The serial console displays the following messages during the upgrade.

CTE software installation will take 10 minutes to complete.
0%..................................................100%
Installation successful. Please eject the CD and reboot the CTE.
 

Step 7   When the upgrade is complete, eject the Restore CD and reboot the CTE.

When the CTE restarts, the CTE serial console appears.

Step 8   Use the CTE Serial Console to enter the network and DNS parameters.



To upgrade your CTE from a file, perform these steps:


Step 1   In the Administration Tool, click Administration and then Uploads.

Step 2   Across from Upload Server Upgrade, click the Browse button.

Step 3   Locate the file you want to upload and click Open.

Step 4   Click Submit to upload the file to the CTE.

The CTE restarts automatically.

Step 5   If you downloaded a full upgrade (rather than a partial upgrade), you will need to reconfigure the CTE network and DNS parameters from the CTE console.



For information about upgrading your CTE from Cisco.com, refer to the CTE and Design Studio Release Notes.

Generating a Secure Certificate for the CTE

The CTE accepts a Privacy Enhanced Mail (PEM) format certificate file. PEM is a text format that is the Base-64 encoding of the Distinguished Encoding Rules (DER) binary format. The PEM format specifies the use of text BEGIN and END lines that indicate the type of content that is being encoded.

Before you can upload a certificate to the CTE, you will need to generate a Certificate Signing Request (CSR) and private key. We recommend using Linux OpenSSL to administer any certificate tasks. If Linux is not available, we recommend the Cygwin UNIX environment for Windows, which includes an OpenSSL module. Instructions for downloading, installing, and using the Cygwin UNIX environment to generate a CSR are included in this section.

If you are familiar with certificate manipulation, you can use other tools to create a PEM-formatted file. The certificate that you upload to the CTE must have the following characteristics:

The following sections describe how to perform the tasks associated with generating a CSR:

Overview of the Certificate Signing Request

If you are unfamiliar with generating a CSR, review this section for background information.

The general process for generating a CSR and handling the signed certificate is as follows:

1. Generate a CSR (public.csr) and private key (private.key) as described in the "Generating a CSR" section.

2. Send the public.csr file to an authorized certificate provider.

3. If you used a tool other than the Cygwin UNIX environment to generate the CSR, check the format of the private key. If it is in DER format or is encrypted, convert it to PEM format as described in the "Unencrypting the Private Key" section.

4. When you receive the signed certificate file from your SSL certification company, check the file format. If it is in binary DER format, convert it to PEM format as described in the "Converting to a PEM-Formatted Certificate" section.

5. Combine the PEM-formatted signed certificate with the PEM-formatted private key (private.key) as described in the "Combining the Private Key with the Signed Certificate" section.

6. If your certificate has more than one level, handle the intermediate certificates as described in the "Generating Trusted Certificates for Multiple Levels" section.

7. Upload the certificate to the CTE as described in the "Uploading a Certificate to the CTE" section.

Installing the Cygwin UNIX Environment for Windows

If Linux OpenSSL is not available, install the Cygwin UNIX environment for Windows. When you install Cygwin, you must choose the OpenSSL modules as described in the following steps.

To install Cygwin, perform these steps:


Step 1   Use a web browser to navigate to www.cygwin.com and click Install Cygwin Now.

Step 2   Follow the on-screen instructions to open the setup installer.

Step 3   In the Cygwin Setup dialog box, click Next.

Step 4   Click Install from Internet and then click Next.

Step 5   Accept the default root installation directory settings and then click Next.

Step 6   Accept the default local package directory setting and then click Next.

Step 7   In the Internet Connection screen, click Use IE5 Settings and then click Next.

Step 8   In the list of Available Download Sites, click ftp://ftp.nas.nasa.gov and then click Next.

Step 9   In the Select Packages screen, click the View button (upper-right corner).

Step 10   Scroll the packages list to locate in the Package column openssl: The OpenSSL runtime environment and openssl-devel: The OpenSSL development environment.

Step 11   In the New column for those two entries, click Skip.

The current version number of Cygwin appears.

Step 12   Click Next to start the installation.

After Cygwin installs, you can generate the CSR.



Generating a CSR

These instructions to generate a CSR assume that you are using the Cygwin UNIX environment installed as described in the "Installing the Cygwin UNIX Environment for Windows" section.

To generate a CSR using the Cygwin UNIX environment, perform these steps:


Step 1   Double-click the Cygwin icon on the desktop.

A command window opens with a UNIX bash environment.

Step 2   To change to a particular drive, use the command: cd driveLetter:

Step 3   At the $ prompt, type the following to generate a CSR:

openssl req -new -nodes -keyout privateKeyFilename -out certRequestFilename 
 

For example:

openssl req -new -nodes -keyout private.key -out public.csr 
 

Status messages about the private key generation appear. You will be prompted for information such as country name.

Step 4   When prompted for the Common name, enter the DNS name of the CTE.

The name that you enter will appear in the certificate and must match the name expected by PCs that connect to the CTE. If you alias DNS names, you will need to use the alias name instead.

Step 5   Submit your CSR (public.csr) to an authorized certificate provider such as Verisign.

The certificate provider will return a Signed Certificate to you by e-mail within several days.



Unencrypting the Private Key

The following procedure is not needed if you use the Cygwin UNIX environment to generate the CSR and private key. Follow this procedure only if the method you use to generate the private key results in an encrypted key.

To unencrypt the private key, perform these steps:


Step 1   Double-click the Cygwin icon on the desktop.

A command window opens with a UNIX bash environment.

Step 2   To change to a particular drive, use the command: cd driveLetter:

Step 3   At the $ prompt enter the command: openssl rsa

If you enter this command without arguments, you will be prompted as follows:

read RSA key

Step 4   Enter the name of the password to be encrypted.

You can enter the openssl rsa command with arguments if you know the name of the private key and the unencrypted PEM file.

For example, if the private key filename is my_keytag_key.pvk, and the unencrypted filename is keyout.pem, you would enter openssl rsa -in my_keytag_key.pvk -out keyout.pem.



For more information, go to the following URL:

http://www.openssl.org/docs/apps/rsa.html#EXAMPLES

For information on downloading OpenSSL for Windows, go to the following URL:

http://sourceforge.net/project/showfiles.php?group_id=23617&release_id=48801

Converting to a PEM-Formatted Certificate

When you receive the signed certificate file from your certificate provider, check the file format. If it is in binary DER format, convert it to PEM format.

To convert a certificate to PEM format, perform these steps:


Step 1   Double-click the Cygwin icon on the desktop.

A command window opens with a UNIX bash environment.

Step 2   To change to a particular drive, use the command: cd driveLetter:

Step 3   At the $ prompt enter the command:

openssl x509 -in certFile -inform DER -outform PEM -out convertedCertFile 
 



Combining the Private Key with the Signed Certificate

You must combine the signed certificate with the private key before you can upload it to the CTE.

To combine the private key with the signed certificate, perform these steps:


Step 1   Use a text editor to combine the unencrypted private key with the signed certificate in the PEM file format.

The file contents should look similar to the following:

-----BEGIN RSA PRIVATE KEY-----
<Unencrypted Private Key>
-----END RSA Private KEY-----
-----BEGIN CERTIFICATE-----
<Signed Certificate>
-----END CERTIFICATE-----
 

Step 2   Save and name the PEM file. For example, CTE.pem.



Generating Trusted Certificates for Multiple Levels


Caution   Any certificate that has more than one level must include all intermediate certificates, or the system may become unusable.

You must determine whether your certificate has more than one level and, if it does, handle the intermediate certificates properly.

To generate trusted certificates for multiple levels, perform these steps:


Step 1   Do not exit Design Studio.

Step 2   Open Internet Explorer, and access a page through the CTE. For example, enter a URL similar to the following:

https://ipAddress:httpPort//www.mypage.com

where:

Step 3   Double-click the Lock symbol in the bottom right corner of the browser.

Step 4   Switch to the Certificate Path window pane at the top of the screen.

Step 5   Double-click the first path level to bring up the Certificate information for the first level and then go to the Details screen.

Step 6   Click the Copy to File button at the bottom.

Step 7   After the Certificate Export Wizard appears, click Next.

Step 8   Click the format Base-64 encoded and then click Next.

Step 9   Enter a filename. For example, G:\tmp\root.cer.

Step 10   Review the information and note the complete filename. Click Finish.

Step 11   Click OK to close the Certificate information window for the first level.

Step 12   Repeat Steps 5-11 for all levels except the last level.

Step 13   Insert all certificates into one file, and make sure that any intermediate certificates are part of any certificate file you upload.

The file to be uploaded should be in the following format:

private key
Server Certificate
Intermediate Certificate 0
Intermediate Certificate 1
Intermediate Certificate 2



Uploading a Certificate to the CTE

After you have completed the steps to obtain and assemble a properly formatted, signed certificate and private key, you can upload it to the CTE.

To upload a certificate file, perform these steps:


Step 1   In the Administration Tool, click Administration and then Uploads.

Step 2   Click the certificate Browse button.

Step 3   Locate the file you want to upload and click Open.

Step 4   Click Submit to upload the file.

Step 5   After the upload is complete, click Network and then Interfaces.

Step 6   Set Interface 0 Masquerade Host to the DNS name for which the certificate was registered.



Managing Licenses

For general information on licensing, refer to the "Licensing" section.

If you do not have a valid license for a particular device, a device user who attempts to proxy web content through the CTE will receive the following message: "Please check with your administrator to verify that the CTE has licenses for your device."

The CTE log file also displays the following messages:

httpd: session denied. check for sufficient capacity and device type licenses. 
httpd: HTTP 403 (Please check with your administrator to verify that the CTE has licenses for your device.)
 

To prevent such messages, you must purchase the corresponding module(s), request a license file, and then upload the license to the CTE.

To obtain a license for a purchased module, perform the following steps:


Step 1   Send an e-mail to licensing@cisco.com with the following information:

Company Name:
Customer Contact:
Contact E-mail:
Original SO#:
Host ID:
Modules Purchased:

Step 2   On the administrative PC where you run the CTE Administration Tool, create a C:\CTELicense directory (unless it already exists).

Step 3   Copy the license file (.lic) that you received through e-mail to the C:\CTELicense directory.

Do not overwrite any .lic files in the license directory. If another file in that directory has the same name, you must rename the newly received file before installing it. The CTE software calculates your licensed features based on all .lic files in the license directory.

Do not edit a .lic file or the CTE software will ignore any features associated with that license file. The contents of the file are encrypted and must remain intact. Should you copy, rename, or insert a license file multiple times, the CTE will use only the original file and will ignore any duplicate files.

You can now upload the license.



For more information on licensing, refer to the following URL:
http://www.cisco.com/en/US/partner/products/hw/contnetw/ps797/products_field_notice09186a008014bb68.shtml

To upload a license file, perform these steps:


Step 1   In the Administration Tool, click Administration and then Uploads.

Step 2   Click the Browse button and locate the .lic file you want to upload.

License files should be stored on the administrative PC where you run the CTE Administration Tool, in a directory named C:\CTELicense.

Step 3   Click Open.

Step 4   Click Submit to upload the license file.



Viewing the CTE Host ID

When you purchase modules, you will need to know the host ID of the CTE for which you are purchasing modules.

To view the host ID:

Downloading a Design Studio Installer and Product Documentation

The CTE includes a Design Studio installer and all CTE and Design Studio documentation. From the Main administration screen, you can download the installer and documentation without logging in to the Administration Tool. You can either download the Design Studio installer from the CTE and forward it to the Design Studio users, or you can point Design Studio users to the following information.

To download from the CTE, perform these steps:


Step 1   Go to the Administration screen of the Administration Tool and click Download Design Studio or Download Documentation.

Step 2   Specify where you want to save the files and click Open.



Refer to the CTE Series and Design Studio Release Notes for information on upgrading Design Studio.

Changing the System Date and Time

To change the system date and time, perform these steps:


Step 1   In the Administration Tool, click Advanced and then Date.

The Advanced > Date screen appears.

Step 2   Enter a new date and time and then click Update Time.



Managing Administrative User Accounts

The following sections describe how to manage administrative user accounts:

Adding and Deleting Administrative User Accounts

The first time that you start the CTE, you must log in as root and create a password for the root account. You can create and manage additional administrative accounts through the CTE serial console.

To add and delete administrative user accounts, perform these steps:


Step 1   On a PC connected to the CTE serial port, start a terminal emulation application and open the connection already created for the CTE.

Step 2   Log in to the serial console using the root username and password.

Step 3   When the Main Menu appears, type 2 (Manage Administrative Users) and press Enter.

Step 4   Follow the on-screen prompts to manage administrative user accounts.



Changing an Administrator Password


Note   In order to reset the administrative password to its default, you must reinstall the CTE server software.

To change an administrator password, perform these steps:


Step 1   On a PC connected to the CTE serial port, start a terminal emulation application and open the connection already created for the CTE.

Step 2   Log in to the serial console using the username whose password you want to change.

Step 3   When the Main Menu appears, type 2 (Manage Administrative Users) and press Enter.

Step 4   Follow the on-screen prompts to change a password.



Specifying Administrator E-mail Settings

When the CTE system log file is full, the CTE can e-mail the log to an administrator. To enable this feature, you specify an administrator's e-mail and mail server addresses.

To specify administrator e-mail settings, perform these steps:


Step 1   In the Administration Tool, click Advanced and then General.

Step 2   In Administrator Email-To Address, enter the e-mail address of the administrator to receive system logs.

Step 3   In Administrator Email-From Address, enter the address that is to appear as the originating and reply-to address on e-mails sent to the administrator.

Step 4   Enter the administrator's mail server address.

Step 5   Click Submit.



Managing Design Studio User Accounts

Design Studio user accounts are set up through the Administration > Users screen. You can also use that screen to delete Design Studio users and to change user passwords.


Note   You will need to provide the following information to Design Studio users:

- Their Design Studio user name and password
- The IP address and admin/HTTP/HTTPS port numbers for their CTEs
- Whether to use a proxy host when logging in to Design Studio
- When Design Studio upgrades are available

To add a Design Studio user account, perform these steps:


Step 1   In the Administration Tool, click Administration and then Users.

Step 2   Type a username and password.

Usernames must be must be at least 6 characters. Passwords must be at least 8 characters.

Step 3   Click Add User.



To add a Design Studio user account, perform these steps:


Step 1   In the Administration Tool, click Administration and then Users.

Step 2   Click the checkbox beside the username you want to delete.

Step 3   Click Delete User.



To change a Design Studio user password, perform these steps:


Step 1   In the Administration Tool, click Administration and then Users.

Step 2   Click the checkbox beside the username whose password you want to change.

Step 3   Enter a new password.

Step 4   Click Reset Password.




hometocprevnextglossaryfeedbacksearchhelp
Posted: Mon Aug 18 15:34:40 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.