Cisco Cisco Expressway Manuel De Maintenance
To generate a CSR:
1. Go to
Maintenance > Security certificates > Server certificate
.
2. Click Generate CSR to go to the
Generate CSR
page.
3. Enter the required properties for the certificate.
l
l
if this Expressway is part of a
Unified Communications solution.
l
The certificate request includes automatically the public key that will be used in the certificate, and the
client and server authentication Enhanced Key Usage (EKU) extension.
client and server authentication Enhanced Key Usage (EKU) extension.
4. Click Generate CSR. The system will produce a signing request and an associated private key.
The private key is stored securely on the Expressway and cannot be viewed or downloaded. You must
never disclose your private key, not even to the certificate authority.
never disclose your private key, not even to the certificate authority.
5. You are returned to the
Server certificate
page. From here you can:
l
Download the request to your local file system so that it can be sent to a certificate authority. You are
prompted to save the file (the exact wording depends on your browser).
prompted to save the file (the exact wording depends on your browser).
l
View the current request (click Show (decoded) to view it in a human-readable form, or click Show
(PEM file) to view the file in its raw format).
(PEM file) to view the file in its raw format).
Note:
n
Only one signing request can be in progress at any one time. This is because the Expressway has to keep
track of the private key file associated with the current request. To discard the current request and start a
new request, click Discard CSR.
track of the private key file associated with the current request. To discard the current request and start a
new request, click Discard CSR.
n
The certificate signing request storage location changed in X8.
When you generate a CSR in X7, the application puts csr.pem and privkey_csr.pem into
/tandberg/persistent/certs.
When you generate a CSR in X8, the application puts csr.pem and privkey.pem into
/tandberg/persistent/certs/generated_csr.
If you want to upgrade from X7 and have an unsubmitted CSR, then we recommend discarding the
CSR before upgrade, and then regenerating the CSR after upgrade.
When you generate a CSR in X7, the application puts csr.pem and privkey_csr.pem into
/tandberg/persistent/certs.
When you generate a CSR in X8, the application puts csr.pem and privkey.pem into
/tandberg/persistent/certs/generated_csr.
If you want to upgrade from X7 and have an unsubmitted CSR, then we recommend discarding the
CSR before upgrade, and then regenerating the CSR after upgrade.
Uploading a new server certificate
When the signed server certificate is received back from the certificate authority it must be uploaded to the
Expressway.
Expressway.
The
Upload new certificate
section is used to replace the Expressway's current server certificate with a
new certificate.
To upload a server certificate:
1. Go to
Maintenance > Security certificates > Server certificate
.
2. Use the Browse button in the
Upload new certificate
section to select and upload the server certificate
PEM file.
3. If you used an external system to generate the Certificate Signing Request (CSR) you must also upload
the server private key PEM file that was used to encrypt the server certificate. (The private key file will
have been automatically generated and stored earlier if the Expressway was used to produce the CSR for
this server certificate.)
have been automatically generated and stored earlier if the Expressway was used to produce the CSR for
this server certificate.)
l
The server private key PEM file must not be password protected.
l
You cannot upload a server private key if a certificate signing request is in progress.
Cisco Expressway Administrator Guide (X8.5)
Page 222 of 394
Maintenance
About security certificates