Installing a Trustwave SSL Certificate on Cisco Secure Content Accelerator (SCA) 11000

SSL Certificate installation for Cisco Secure Content Accelerator (SCA) 11000

» Go back and choose a different type of Server

» Finished installing? Check your SSL Certificate installation with HelpNow!

» SSL Certificate Purchasing Information for Cisco SCA 11000

» CSR generation instructions for Cisco SCA 11000

Upload your Trustwave SSL Certficate to the SCA 11000 Upload your Trustwave SSL Certficate to the SCA 11000
When your certificate is issued, look for the .cer file in the ZIP file that you receive. That file contains your certificate in PEM format. You can upload this file by first becoming a privileged user and then entering configuration mode:

# enable
# configure
# cert new_cert create
# pem-paste

Now, open the .cer file in a suitable text editor, such as notepad, vi, or nano. Copy the entire text to your clipboard - including the dashed lines at the top and bottom. Paste the text into your Cisco SCA prompt and press enter until the prompt returns. You now have a certificate saved as new_cert and a private key saved as new_key (unless you named them differently on this step and the CSR generation step).

Downloading the Trustwave intermediates Downloading the Trustwave intermediates
To load the Trustwave intermediate files, you will need the GlobalSign Root, the GlobalSign Partners intermediate, and the Trustwave intermediate. The files must be in DER format for the SCA to accept them (some newer versions may accept PEM-encoded intermediate certificates). If your model requires DER (generally version numbers 3.2 and lower), you can download them below:

Download the GlobalSign Root certificate

Download the GlobalSign Partners intermediate certificate

Download the Trustwave intermediate certificate

Download the GlobalSign Root certificate DER format

Download the GlobalSign Partners intermediate certificate DER format

Download the Trustwave intermediate certificate DER format

Loading the GlobalSign Root certificate Loading the GlobalSign Root certificate
To make the Cisco SCA use the intermediate certificates, you must create a certificate group which contains the intermediates. Each intermediate certificate must be loaded individually and then grouped at the end:

If your SCA requires certificates in DER format, load the GlobalSign Root certificate in DER format (GSRoot.der)

# ssl
# cert GSRoot create
# der GSRoot.der <- GlobalSign root cert filename

If your SCA accepts PEM certificates, you can use these commands to load the GlobalSign Root certificate in PEM format (GSRoot.crt)

# ssl
# cert GSRoot create
# pem GSRoot.crt <- GlobalSign root cert filename

Loading the GlobalSign Partners intermediate certificate Loading the GlobalSign Partners intermediate certificate
If your SCA requires certificates in DER format, load the GlobalSign Partners certificate in DER format (GSInt.der)

# ssl
# cert GSInt create
# der GSInt.der <- GlobalSign Partners cert filename

If your SCA accepts PEM certificates, you can use these commands to load the GlobalSign Partners certificate in PEM format (GSInt.crt)

# ssl
# cert GSInt create
# pem GSint.crt <- GlobalSign Partners cert filename

Loading the Trustwave intermediate certificate Loading the Trustwave intermediate certificate
If your SCA requires certificates in DER format, load the Trustwave intermediate certificate in DER format (TrustwaveCA.der)

# ssl
# cert TrustwaveCA create
# der TrustwaveCA.der <- Trustwave intermediate cert filename

If your SCA accepts PEM certificates, you can use these commands to load the Trustwave intermediate certificate in PEM format (TrustwaveCA.crt)

# ssl
# cert TrustwaveCA create
# pem TrustwaveCA.crt <- Trustwave intermediate cert filename

Create a certificate group and add certificates Create a certificate group and add certificates
Now that you have loaded the intermediate certificates into the Cisco SCA 11000, you can create a certificate group. After you create it, you can add in the three certificates which you just loaded:

# certgroup CACertGroup create
# cert TrustwaveCA
# cert GSInt
# cert GSRoot
# end

All of your certificates are now loaded, but you will need to create a logical server before you continue.

Create a logical server policy Create a logical server policy
Please bear in mind - this is only an example. If you are unsure about what data belongs in these lines, please contact your network administrator.

# server server1 create
# ip address 10.1.2.4
# localport 443
# remoteport 81
# secpolicy myPol
# certgroup chain CACertGroup
# cert new_cert
# key new_key
# finished
# write flash

Your certificates are now installed.

» Check your SSL Certificate Installation with HelpNow!

Trustwave Technical Support Options
Toll-Free: 866-775-2378
Direct: +1-608-294-6940
E-Mail: sslsupport@trustwave.com
SSL Certificate Customers - Instant Support!
We invite our SSL Certificate Customers to use our new instant online troubleshooter, HelpNow, to diagnose SSL Certificate issues instantly.
Get HelpNow! »
Trustwave Support Tips:
If you are contacting us about your SSL certificate via e-mail, please provide us with your website's address and a detailed description of the issue. Screenshots may also help us resolve your problem quickly, so you are welcome to include those as well.
Trusted by Internet Explorer, Firefox, Netscape, Opera, AOL, Safari, Mozilla
Home Legal Information Privacy Policy Contact Us International
© Trustwave
Ph: 888-878-7817 (312-873-7500 outside U.S. or Canada) Fax: 312-443-8028 info@trustwave.com