Diagnostic Signature Signing; Diagnostic Signature Workflow; Diagnostic Signature Events And Actions - Cisco cBR-8 Configuration And Troubleshooting Manual

cBR Series Converged Broadband Routers

Call Home

Diagnostic Signature Signing

The diagnostic signature (DS) files are digitally signed before they are made available for downloading. The
following methods are used for digitally signing DS files:
• Signing algorithm (Rivest Shamir and Adleman [RSA] 2048 bits).
• Key pairs are requested from the Abraxas system, which is the digital signing client.
• The DS is signed over Secure Sockets Layer (SSL) through a code signing client, where the signature is
embedded using XML tags.
• Public keys are embedded in the DS subsystem (Cisco signed, partner-signed, third-party signed) in the
Cisco software. The digitally signed DS file contains the product name such as Diagnostic_Signatures
(Cisco signed), Diagnostic_Signatures_Partner, Diagnostic_Signatures_3rd_Party. The product names
are only used to sign the DS files.
The digital signing client can be found at the https://abraxas.cisco.com/SignEngine/submit.jsp link.
The following conditions must be met to verify the digital signature in a DS file:
• Code sign component support must be available in Cisco software.
• Various public keys that verify the different kinds of diagnostic signatures must be included in platforms
where DS is supported.
• After parsing and retrieving the DS, the DS must execute the verification application program interface
(API) to verify that the DS is valid.
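
An added example (not Cisco's code) of the device-side check described above: pick the embedded public key by product name, then verify the RSA signature carried in the XML before accepting the DS. The XML layout (`DS`, `Body`, `Signature`), SHA-256 with PKCS#1 v1.5 padding, the function names and the demo key are assumptions; the page specifies only RSA 2048, XML-embedded signatures and the product names. The demo device carries a key for Cisco-signed files only.

```python
import hashlib
import xml.etree.ElementTree as ET

# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two Mersenne primes: trivially factorable,
# not 2048 bits, never to be used for real signing. It avoids a key file.
P, Q, E = 2**2203 - 1, 2**2281 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

# Product names are from the page; one embedded key per name is an assumption.
EMBEDDED_KEYS = {"Diagnostic_Signatures": (N, E)}

def _encode(product: str, body: str, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of product name plus body, k bytes long."""
    t = SHA256_DI + hashlib.sha256(f"{product}\n{body}".encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def demo_sign(product: str, body: str) -> str:
    """Build a constructed DS file in the hypothetical XML layout."""
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(_encode(product, body, k), "big"), D, N)
    return (f'<DS product="{product}"><Body>{body}</Body>'
            f"<Signature>{sig:x}</Signature></DS>")

def verify_ds(xml_text: str) -> str:
    """Return the signed body if the signature verifies; raise otherwise."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs and entity definitions outright
        raise ValueError("DTD not allowed")
    root = ET.fromstring(xml_text)
    product, body = root.get("product", ""), root.findtext("Body") or ""
    if product not in EMBEDDED_KEYS:
        raise ValueError("no embedded key for this product name")
    n, e = EMBEDDED_KEYS[product]
    try:
        sig = int(root.findtext("Signature") or "", 16)
    except ValueError:
        raise ValueError("malformed signature") from None
    if not 0 < sig < n:
        raise ValueError("signature out of range")
    k = (n.bit_length() + 7) // 8
    if pow(sig, e, n).to_bytes(k, "big") != _encode(product, body, k):
        raise ValueError("signature mismatch")
    return body

if __name__ == "__main__":
    print(verify_ds(demo_sign("Diagnostic_Signatures", "event=x; action=y")))
```

Because the product name is part of the signed message, relabelling a file to select a different embedded key invalidates the signature as well as failing the key lookup.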

Diagnostic Signature Workflow

The diagnostic signature feature is enabled by default in Cisco software. The following is the workflow for
creating diagnostic signatures:
1. Find the DSs you want to download and assign them to the device. This step is mandatory for a regular
periodic download, but not required for a forced download.
2. The device downloads every assigned DS or a specific DS by regular periodic download or by on-demand
forced download.
3. The device verifies the digital signature of every DS. After verification, the device stores the DS file on
a nonremovable disk. This nonremovable disk can be a bootflash or hard disk, where the DS files can be
read after the device is reloaded. On the routers, the DS file is stored in the bootflash:/call home directory.
4. The device continues sending periodic regular DS download requests to get the latest revision of the DS and
replace the older one on the device.
5. The device monitors the event and executes the actions that are defined in the DS when the event happens.

Diagnostic Signature Events and Actions

The events and actions sections are the key areas that are used in diagnostic signatures. The event section
defines all event attributes that are used for the event detection. The action section lists all the steps to be

Cisco cBR Series Converged Broadband Routers Troubleshooting and Network Management Configuration Guide for Cisco IOS XE Fuji 16.8.x
Information About Diagnostic Signatures
