Cisco Expressway
2. Select Download a CA certificate, certificate chain or CRL.
3. Select Base 64.
4. Select Download CA certificate.
5. Choose Save File and click OK.
6. Rename certnew.cer to certnew.pem.
Files server.pem and certnew.pem are now available.
section in this document and upload server.pem
and certnew.pem to Expressway.
Loading Certificates and Keys Onto Expressway
The Expressway uses standard X.509 certificates. The certificate information must be supplied to the Expressway in
PEM format. Typically 3 elements are loaded:
■ The server certificate (which is generated by the certificate authority, identifying the ID of the certificate holder, and should be able to act as both a client and server certificate).
■ The private key (used to sign data sent to the client, and decrypt data sent from the client, encrypted with the public key in the server certificate). This must only be kept on the Expressway and backed up in a safe place – security of the TLS communications relies upon this being kept secret.
■ A list of certificates of trusted certificate authorities.
Note: New installations of Expressway software (from X8.1 onwards) ship with a temporary trusted CA, and a server
certificate issued by that temporary CA. We strongly recommend that you replace the server certificate with one
generated by a trusted certificate authority, and that you install CA certificates for the authorities that you trust.
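A pre-upload check for server.pem and certnew.pem, as an added example that is not part of the Cisco guide: renaming certnew.cer to certnew.pem only yields a PEM file because Base 64 was selected in step 3, so the check tells PEM from DER and flags a private key block inside a certificate file. The function names and the constructed sample bytes are assumptions, and the check covers encoding only, not the validity of the certificate.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)
# Constructed sample, not a real certificate: a minimal DER SEQUENCE { INTEGER 1 }.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

def is_der_sequence(buf: bytes) -> bool:
    """True if buf is exactly one ASN.1 SEQUENCE, the outer shape of an X.509 certificate."""
    if len(buf) < 2 or buf[0] != 0x30:
        return False
    if buf[1] < 0x80:                        # short-form length
        header, length = 2, buf[1]
    else:                                    # long form: next n bytes hold the length
        n = buf[1] & 0x7F
        if not 1 <= n <= 4 or len(buf) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    return header + length == len(buf)

def check_cert_file(data: bytes) -> list:
    """Return a list of problems in a certificate file meant for upload (empty list = looks fine)."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    if not blocks:
        if is_der_sequence(data):
            return ["DER-encoded: renaming .cer to .pem does not convert it; download again as Base 64"]
        return ["no PEM BEGIN/END block found"]
    problems, certs = [], 0
    for label, body in blocks:
        if "PRIVATE KEY" in label:           # the key must never travel inside a certificate file
            problems.append("contains a private key block (" + label + ")")
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:               # binascii.Error is a ValueError subclass
                der = b""
            if is_der_sequence(der):
                certs += 1
            else:
                problems.append("CERTIFICATE block does not decode to a DER SEQUENCE")
    if not certs and not problems:
        problems.append("no CERTIFICATE block")
    return problems

if __name__ == "__main__":
    for name, data in [("Base 64 download", SAMPLE_PEM), ("DER download, renamed", SAMPLE_DER)]:
        print(name, "->", check_cert_file(data) or "ok")
```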
Cisco Expressway Certificate Creation and Use Deployment Guide