Cisco Cisco Expressway
Expressway-E has a Fully Qualified Domain Name of expe.example.com
Task 4: Replacing the default server certificate
For extra security, you may want to have the Expressway communicate with other systems (such as LDAP
servers, neighbor Expressways, or clients such as SIP endpoints and web browsers) using TLS encryption.
servers, neighbor Expressways, or clients such as SIP endpoints and web browsers) using TLS encryption.
For this to work successfully in a connection between a client and server:
n
The server must have a certificate installed that verifies its identity. This certificate must be signed by a
Certificate Authority (CA).
Certificate Authority (CA).
n
The client must trust the CA that signed the certificate used by the server.
The Expressway allows you to install appropriate files so that it can act as either a client or a server in
connections using TLS. The Expressway can also authenticate client connections (typically from a web
browser) over HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify
LDAP server and HTTPS client certificates.
connections using TLS. The Expressway can also authenticate client connections (typically from a web
browser) over HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify
LDAP server and HTTPS client certificates.
The Expressway can generate server certificate signing requests (CSRs). This removes the need to use an
external mechanism to generate and obtain certificate requests.
external mechanism to generate and obtain certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the Expressway default
certificate with a certificate generated by a trusted certificate authority.
certificate with a certificate generated by a trusted certificate authority.
Note that in connections:
n
to an endpoint, the Expressway acts as the TLS server
n
to an LDAP server , the Expressway is a client
n
between two Expressway systems, either Expressway may be the client with the other Expressway being
the TLS server
the TLS server
n
via HTTPS, the web browser is the client and the Expressway is the server
Cisco Expressway Basic Configuration Deployment Guide (X8.5.2)
Page 12 of 57
Expressway system configuration