Cisco Cisco Expressway
Managing the trusted CA certificate list
The Trusted CA certificate page (Maintenance > Security certificates > Trusted CA certificate) allows you to manage
the list of certificates for the Certificate Authorities (CAs) trusted by this Expressway. When a TLS connection to
Expressway mandates certificate verification, the certificate presented to the Expressway must be signed by a trusted CA
in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
the list of certificates for the Certificate Authorities (CAs) trusted by this Expressway. When a TLS connection to
Expressway mandates certificate verification, the certificate presented to the Expressway must be signed by a trusted CA
in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
■
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click Append
CA certificate. This will append any new certificates to the existing list of CA certificates. If you are replacing
existing certificates for a particular issuer and subject, you have to manually delete the previous certificates.
CA certificate. This will append any new certificates to the existing list of CA certificates. If you are replacing
existing certificates for a particular issuer and subject, you have to manually delete the previous certificates.
■
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA certificates,
click Reset to default CA certificate.
click Reset to default CA certificate.
■
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a human-
readable form, or click Show all (PEM file) to view the file in its raw format.
readable form, or click Show all (PEM file) to view the file in its raw format.
■
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA certificate.
■
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click Delete.
Managing Certificate Revocation Lists (CRLs)
Certificate revocation list (CRL) files are used by the Expressway to validate certificates presented by client browsers
and external systems that communicate with the Expressway over TLS/HTTPS. A CRL identifies those certificates that
have been revoked and can no longer be used to communicate with the Expressway.
and external systems that communicate with the Expressway over TLS/HTTPS. A CRL identifies those certificates that
have been revoked and can no longer be used to communicate with the Expressway.
11
Cisco Expressway Certificate Creation and Use Deployment Guide