Cisco Cisco Expressway
Loading a Server Certificate and Private Key Onto Expressway
The Expressway’s server certificate is used to identify the Expressway when it communicates with client systems
using TLS encryption, and with web browsers over HTTPS.
using TLS encryption, and with web browsers over HTTPS.
To upload a server certificate:
1.
Go to Maintenance > Security certificates > Server certificate.
2.
Use the Browse button in the Upload new certificate section to select and upload the server certificate PEM
file.
file.
3.
If you used an external system to generate the Certificate Signing Request (CSR) you must also upload the
server private key PEM file that was used to encrypt the server certificate. (The private key file will have been
automatically generated and stored earlier if the Expressway was used to produce the CSR for this server
certificate.)
server private key PEM file that was used to encrypt the server certificate. (The private key file will have been
automatically generated and stored earlier if the Expressway was used to produce the CSR for this server
certificate.)
—
The server private key PEM file must not be password protected.
—
You cannot upload a server private key if a certificate signing request is in progress.
4.
Click Upload server certificate data.
Managing the Trusted CA Certificate List
The Trusted CA certificate page (Maintenance > Security certificates > Trusted CA certificate) allows you to
manage the list of certificates for the Certificate Authorities (CAs) trusted by this Expressway. When a TLS
connection to Expressway mandates certificate verification, the certificate presented to the Expressway must be
signed by a trusted CA in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
manage the list of certificates for the Certificate Authorities (CAs) trusted by this Expressway. When a TLS
connection to Expressway mandates certificate verification, the certificate presented to the Expressway must be
signed by a trusted CA in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
■
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click
Append CA certificate. This will append any new certificates to the existing list of CA certificates. If you are
replacing existing certificates for a particular issuer and subject, you have to manually delete the previous
certificates.
Append CA certificate. This will append any new certificates to the existing list of CA certificates. If you are
replacing existing certificates for a particular issuer and subject, you have to manually delete the previous
certificates.
■
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA certificates,
click Reset to default CA certificate.
click Reset to default CA certificate.
■
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a
human-readable form, or click Show all (PEM file) to view the file in its raw format.
human-readable form, or click Show all (PEM file) to view the file in its raw format.
■
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA certificate.
■
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click Delete.
14
Cisco Expressway Certificate Creation and Use Deployment Guide
Loading Certificates and Keys Onto Expressway