close
Top Panel
Top Panel
Top Panel
Changing CSA MC hostname PDF Print E-mail
Written by Alexei Spirin   
Sunday, 19 October 2008 22:22

Hi! Sometimes we need to change CSA MC domain name but CSA MC has a SSL certificate which is tied with FQDN. Cisco's documentation isn't particularly clear so I decided to tidy up a bit in this place :)

All steps were made with 6.0 version of CSA MC, but I believe 5.x would do the same. CSA MC was installed in "C:\Program Files\Cisco".

1. Login into the CSA MC windows machine and change the domainname. Reboot

2. Login again. Stop both CSA services

3. Enter the C:\Program Files\Cisco\CSAMC\CSAMC60\cfg directory and change hostname in sslca.conf and sslhost.conf

4. Open cmd.exe and issue these commands

cd C:\"Program Files"\Cisco\CSAMC\CSAMC60\bin
C:\"Program Files"\Cisco\CSAMC\CSAMC60\perl\5.8.7\bin\MSWin32-x86\perl.exe installcert.pl -forceinstall

5. Start CSA services

6. Regenerate all agent kits to update included CSA MC FQDN

Actually there are two certificates in cfg directory sslca.crt and sslhost.crt. The first one represents virtual root CA and the latter is for CSA MC's communication with agents and web.

There are some unforeseen consequences. First is that the sslca.crt isn't changed after this steps so we can continue to use old domainname to communicate with old agents kits. The agent kits depend on CSA MC domain name and CA certificate. So the new SSL certificate is also trusted. Thus we can create a kind of migration process using this feature.

As for others consequences - I'd like to do more research.

Last Updated on Friday, 24 October 2008 22:24