installing eurodocsis certificate for bpi+ | docsis.org

installing eurodocsis certificate for bpi+

Anonymous (not verified)
installing eurodocsis certificate for bpi+

Hi,

I have been trying to configure my Cisco CMTS for bpi+. The problem is that I only have EuroDOCSIS modems.
I have installed the EuroDOCSIS root master CA certificate that I found here http://docsis.dobroe.ru/DOCSIS/Certs/

Anyway, the modem doesn't work, and the logs say they don't know the certificate. I have tried to install it as bootflash:root-cert, and with crypto ca trustpoint EURODOCSIS-ROOT-CERT and the fact is that it doesn't work. I also have installed with crypto ca trustpoint both the EURODOCSIS and DOCSIS certificate at the same time, but I doubt it will make any difference.

So, if I may ask:

1) Am I using the right EuroDOCSIS CA root?
2) Do I need to do something more to activate the EURODOCSIS certificate?
3) What can I do to have both the EuroDOCSIS and DOCSIS certificate active at the same time? I have another location where I think we have both DOCSIS and EuroDOCSIS modems.
4) Should I need to install a Webstar EuroDOCSIS CM root CA in my CMTS? (think not, but I have tried it)
5) If I need to do (4), how do I insert that in the EURODOCSIS chain?

TIA,
Rui

van_da_Saitn (not verified)
RE: installing eurodocsis certificate for bpi+

Hi,

I had the same problem on a uBR7246VXR.
The Euro-Docsis-Root-CA needs to be copied to bootflash: as euro-root-cert
dir bootflash:
Directory of bootflash:/

3 -rw- 3241908 Mar 9 1996 03:54:07 +01:00 xxxx
16 -rw- 914 Mar 19 2008 16:35:45 +01:00 euro-root-cert

7602176 bytes total (529720 bytes free)
The working CA consumes 914 Bytes.

Next you need to reload your UBR. That's not so cool for a box which is already delivering a service.
When doing "sh cable privacy root-cert-list" you should see the right CA then:

Cable Root Certificates:

Issuer: cn=Euro-DOCSIS Cable Modem Root CA,ou=Cable Modems,o=tComLabs - Euro-DOCSIS,c=BE
Subject: cn=Euro-DOCSIS Cable Modem Root CA,ou=Cable Modems,o=tComLabs - Euro-DOCSIS,c=BE
State: Root
Source: Other
RowStatus: Active
Serial: 634B5963790E810F3B5445B3714CF12C
Thumbprint: 6AFCC77DC4E60CEA3C65441714C9297739B6590A

You can find plenty of Docs on cisco.com with "DOCSIS 1.1 for the Cisco CMTS".
Just the EuroDocsis Part is not covered so well.
What I found out, is that you just can use one root-CA. So only BPI+ with EuroDocsis or Docsis.
If you want to use both you need to use "self-signed manufacturer certificates".
But I did not try that.

1) The right Cert is on this Site --> the 914 Bytes
2) What I remember, just adding the right root-cert was enough.
4) The Root-Cert should unpack all other Certs, so you don't need to install anything
else in that case.

I hope that helps you on.

Regards,
Rene

Rui Ribeiro (not verified)
bpi+ working

Rene,

Many thanks for your help. It was as simple as putting the eurodocsis root certificate as you are saying, and presto!
I have no idea how you found out about the euro-root-cert, because even after you telling me and seeing that it works, I still can't find a single document that talks about it.

Btw, sh cable privacy root-cert-list is showing me both euro and docsis ca certs, so I am quite sure I will be able to use all the modems my customers own.

Again, I really appreciated your help.

Regards,
Rui Ribeiro

uscallesen
Same issue..

I seem to have stumbled upon the same issue. I'm upgrading from EuroDocsis 1.0 to EuroDocsis 1.1 on a handful of Cisco UBR7223's and I'm having issues with BPI+.

From the log file I gather the certificate is wrong..

%UBR7200-3-MANUFACTURE_CA_CM_CERTIFICATE_FORMAT_ERROR: <133>CMTS[DOCSIS]: Manufacture CA Certificate Format Error

I'm placing the certificate (tried both the Docsis root certificate and the Motorola Certificate) on disk0: as I'm out of space on the bootflash: volume.

Could someone shed some light on what's going on ?!?

CM's are Motorola surfboards.

uscallesen
Fixed it

Well I solved my issues.

Turns out I had to add the certificate via the terminal (using older IOS 12.2)

ubr1(config)#crypto ca trustpoint EURODOCSIS-ROOT-CERT
ubr1(ca-trustpoint)#enrollment terminal
ubr1(ca-trustpoint)#crl optional
ubr1(ca-trustpoint)#exit

ubr1(config)#crypto ca authenticate EURODOCSIS-ROOT-CERT

-----BEGIN CERTIFICATE-----

** The base64 encoded certificate - I exported a .cer file to a base64.cer file**

-----END CERTIFICATE-----

After that it worked :)
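
Added example, not part of any post in this thread: a Python check to run on a root certificate file obtained from a third-party site before loading it, comparing its thumbprint with the one printed by "sh cable privacy root-cert-list" and converting DER to the base64 form pasted at "crypto ca authenticate". It assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate, as the BPI+ MIB defines it; the function names are hypothetical and SAMPLE_DER is a constructed 914-byte stand-in, not the real Euro-DOCSIS certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in: a DER SEQUENCE header plus filler, 914 bytes total.
SAMPLE_DER = b"\x30\x82\x03\x8e" + bytes(i % 251 for i in range(910))


def load_der(data: bytes) -> bytes:
    """Return DER bytes from a file body that is either PEM or raw DER."""
    m = PEM_RE.search(data)
    if m:
        # Drop line breaks, then decode strictly so stray characters fail.
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):
        raise ValueError("neither PEM nor a DER SEQUENCE")
    return data


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER encoding, upper-case hex as the CMTS prints it."""
    return hashlib.sha1(der).hexdigest().upper()


def der_to_pem(der: bytes) -> str:
    """Base64 text with 64-character lines, for terminal enrollment."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *body,
                      "-----END CERTIFICATE-----"]) + "\n"


def matches(data: bytes, expected_hex: str) -> bool:
    """Compare a file's thumbprint with one copied from a trusted source."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected_hex).upper()
    return hmac.compare_digest(thumbprint(load_der(data)), want)


if __name__ == "__main__":
    # With a real file: data = open("euro-root-cert", "rb").read()
    data = SAMPLE_DER
    print("size      :", len(load_der(data)), "bytes")
    print("thumbprint:", thumbprint(load_der(data)))
    print(der_to_pem(load_der(data)))
```

The same thumbprint comes out whether the file is the raw DER copied to bootflash: or the base64 text pasted into the terminal, so one trusted reference value covers both installation methods.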

windwaterwaves
Docsis Root-Cert