Cisco Cisco Expressway Maintenance Manual
n
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click
Append CA certificate. This will append any new certificates to the existing list of CA certificates. Note
that if you are replacing existing certificates for a particular issuer and subject, you have to manually
delete the previous certificates.
Append CA certificate. This will append any new certificates to the existing list of CA certificates. Note
that if you are replacing existing certificates for a particular issuer and subject, you have to manually
delete the previous certificates.
n
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA
certificates, click Reset to default CA certificate.
certificates, click Reset to default CA certificate.
n
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a
human-readable form, or click Show all (PEM file) to view the file in its raw format.
human-readable form, or click Show all (PEM file) to view the file in its raw format.
n
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA
certificate.
certificate.
n
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click
Delete.
Delete.
certificate file.
Managing the Expressway's server certificate
The
Server certificate
page (
Maintenance > Security certificates > Server certificate
) is used to manage
the Expressway's server certificate. This certificate is used to identify the Expressway when it
communicates with client systems using TLS encryption, and with web browsers over HTTPS. You can:
communicates with client systems using TLS encryption, and with web browsers over HTTPS. You can:
n
view details about the currently loaded certificate
n
generate a certificate signing request
n
upload a new server certificate
Viewing the currently uploaded certificate
The
Server certificate data
section shows information about the server certificate currently loaded on the
Expressway.
n
To view the currently uploaded server certificate file, click Show (decoded) to view it in a human-readable
form, or click Show (PEM file) to view the file in its raw format.
Note that if a certificate contains SRV-ID or XMPP-ID formatted entries, when that certificate is viewed
those entries will show as '<unsupported>'. That does not mean the certificate is invalid, but that the
openssl code does not know how to display those identifiers.
form, or click Show (PEM file) to view the file in its raw format.
Note that if a certificate contains SRV-ID or XMPP-ID formatted entries, when that certificate is viewed
those entries will show as '<unsupported>'. That does not mean the certificate is invalid, but that the
openssl code does not know how to display those identifiers.
n
To replace the currently uploaded server certificate with the Expressway's original certificate, click Reset
to default server certificate.
to default server certificate.
Note: do not allow your server certificate to expire as this may cause other external systems to reject your
certificate and prevent the Expressway from being able to connect to those systems.
certificate and prevent the Expressway from being able to connect to those systems.
Generating a certificate signing request (CSR)
The Expressway can generate server certificate signing requests. This removes the need to use an external
mechanism to generate and obtain certificate requests.
mechanism to generate and obtain certificate requests.
Cisco Expressway Administrator Guide (X8.2)
Page 208 of 378
Maintenance
About security certificates