Cisco Cisco Expressway
3. Generate a signed server certificate by running the following command:
openssl ca
-config openssl_local.cfg -cert cacert.pem -keyfile
private/cakey.pem -in certcsr.pem -out certs/server.pem -md sha1
If you receive a "failed to update database TXT_DB error number 2" error message, you can remove the
contents of the index.txt file and then rerun the command.
If you receive a "failed to update database TXT_DB error number 2" error message, you can remove the
contents of the index.txt file and then rerun the command.
4. You will be prompted to enter the password for the CA’s private key.
The signed certificate for the server is now available as demoCA/certs/server.pem.
Creating self-signed certificates using OpenSSL
We do not recommend creating self-signed certificates. They will not work in Unified Communications
deployments.
deployments.
Instead you should create a Certificate Authority using OpenSSL as described above.
Cisco Expressway Certificate Creation and Use Deployment Guide (X8.5.1)
Page 23 of 32
Appendix 2: Certificate generation using OpenSSL only