Developer Network

Digital Media Suite API Forums

« Back to Digital Signs API Forum

RE: Security Certificate Multiple DMPs

Combination View

toggle

Security Certificate Multiple DMPs	Stephanie McQuown	3/29/12 8:02 PM
RE: Security Certificate Multiple DMPs	Adam Caggiano	3/29/12 8:10 PM
RE: Security Certificate Multiple DMPs	Kathryn Blain	3/30/12 5:34 PM
RE: New Message from Stephanie McQuown in Digital Media Suite API - Digital	Keith Croft	3/29/12 8:14 PM
RE: New Message from Stephanie McQuown in Digital Media Suite API - Digital	Kathryn Blain	3/30/12 5:41 PM

Stephanie McQuown Posts: 1 Join Date: 2/12/10 Recent Posts	Security Certificate Multiple DMPs dmp ssl Answer 3/29/12 8:02 PM Mark as an Answer Submit Reply with Quote Quick Reply We are a control system software developer with a customer with about 30 DMPs. All DMPs were not communicating properly, so we thought we would need to update the security certificates. After updating one certificate, about 10 of the DMPs started working. Updating a second unique certificate fixed about another 5. We have read here in the forums that each DMP would need a unique certificate. Any idea why several DMPs would start working when a single certificate was updated? Also is there a way to install a root certificate that would update all the DMPs?
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Adam Caggiano Posts: 2 Join Date: 8/29/11 Recent Posts	RE: Security Certificate Multiple DMPs Answer 3/29/12 8:10 PM as a reply to Stephanie McQuown. Mark as an Answer Submit Reply with Quote Quick Reply We are a control system software developer with a customer with about 30 DMPs. All DMPs were not communicating properly, so we thought we would need to update the security certificates. After updating one certificate, about 10 of the DMPs started working. Updating a second unique certificate fixed about another 5. We have read here in the forums that each DMP would need a unique certificate. Any idea why several DMPs would start working when a single certificate was updated? Also is there a way to install a root certificate that would update all the DMPs? Is this after applying the hotfix patch to DMM for your particular DMP model?
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Keith Croft Posts: 2 Join Date: 1/13/12 Recent Posts	RE: New Message from Stephanie McQuown in Digital Media Suite API - Digital Answer 3/29/12 8:14 PM as a reply to Stephanie McQuown. Mark as an Answer Submit Reply with Quote Quick Reply Are you sure that you are not hitting this defect? http://www.cisco.com/en/US/ts/fn/634/fn63496.html -Keith From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com] Sent: Thursday, March 29, 2012 2:03 PM To: cdicuser@developer.cisco.com Subject: New Message from Stephanie McQuown in Digital Media Suite API - Digital Signs API Forum: Security Certificate Multiple DMPs Stephanie McQuown has created a new message in the forum "Digital Signs API Forum": -------------------------------------------------------------- We are a control system software developer with a customer with about 30 DMPs. All DMPs were not communicating properly, so we thought we would need to update the security certificates. After updating one certificate, about 10 of the DMPs started working. Updating a second unique certificate fixed about another 5. We have read here in the forums that each DMP would need a unique certificate. Any idea why several DMPs would start working when a single certificate was updated? Also is there a way to install a root certificate that would update all the DMPs? -- To respond to this post, please click the following link: <http://developer.cisco.com/web/dms/forums/-/message_boards/view_message/5377381> or simply reply to this email.
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Kathryn Blain Posts: 2 Join Date: 3/30/12 Recent Posts	RE: Security Certificate Multiple DMPs dmp keystore Answer 3/30/12 5:34 PM as a reply to Adam Caggiano. Mark as an Answer Submit Reply with Quote Quick Reply We are a control system software developer with a customer with about 30 DMPs. All DMPs were not communicating properly, so we thought we would need to update the security certificates. After updating one certificate, about 10 of the DMPs started working. Updating a second unique certificate fixed about another 5. We have read here in the forums that each DMP would need a unique certificate. Any idea why several DMPs would start working when a single certificate was updated? Also is there a way to install a root certificate that would update all the DMPs? Is this after applying the hotfix patch to DMM for your particular DMP model? We are not using a DMM. We are controlling the DMP directly. The hotfix for the DMM basically just gets around the certificate expiration issue by ignoring the certificate. We can do the same action in a future release, but to fix our customers now, we need to go through a lengthly process to import the certificates. To get around the issue, we have to go to each DMP and accept the certificate; then, we need to export the certificate and use keytool to import it into the keystore. We need to know if we have to do this action for every DMP on the network. When we view the keystore, we see that the certificates look identical. We thought that maybe Cisco used a root certificate, which would make the task easier. Any ideas?
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Kathryn Blain Posts: 2 Join Date: 3/30/12 Recent Posts	RE: New Message from Stephanie McQuown in Digital Media Suite API - Digital dmp keystore root certificate Answer 3/30/12 5:41 PM as a reply to Keith Croft. Mark as an Answer Submit Reply with Quote Quick Reply Yes. We are hitting that defect. But, it's really just a problem because Cisco uses a self signed certificate with their DMPs to verify their public key. We don't use a DMM and that hotfix is only to fix the issue that Cisco had with their own software and the DMP. It doesn't fix any 3rd party software issue until the 3rd party software can release a version that doesn't check the certificates. The only way for 3rd party software to get a trusted certificate is to access the DMPs through a browser and export the certificate into a keystore. We have customers with multiple DMPs (up to 30) on a network controlled by our software. We have read that we need to import a unique certificate for every DMP; however, after exporting the certificate in a browser to a file and importing that file into the keystore, we noticed that the certificates looked identical for every DMP. We thought that maybe Cisco used a root certificate, which would make the task easier. So, we are trying to find out if we need to import a certificate for every DMP or if they use a root certificate. -Kathy Are you sure that you are not hitting this defect? http://www.cisco.com/en/US/ts/fn/634/fn63496.html -Keith From: Cisco Developer Community Forums [mailto:cdicuser@developer.cisco.com] Sent: Thursday, March 29, 2012 2:03 PM To: cdicuser@developer.cisco.com Subject: New Message from Stephanie McQuown in Digital Media Suite API - Digital Signs API Forum: Security Certificate Multiple DMPs Stephanie McQuown has created a new message in the forum "Digital Signs API Forum": -------------------------------------------------------------- We are a control system software developer with a customer with about 30 DMPs. All DMPs were not communicating properly, so we thought we would need to update the security certificates. After updating one certificate, about 10 of the DMPs started working. Updating a second unique certificate fixed about another 5. We have read here in the forums that each DMP would need a unique certificate. Any idea why several DMPs would start working when a single certificate was updated? Also is there a way to install a root certificate that would update all the DMPs? -- To respond to this post, please click the following link: <http://developer.cisco.com/web/dms/forums/-/message_boards/view_message/5377381> or simply reply to this email.
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top