Cisco Cisco Expressway
2.
Submit the certificate request from a command prompt:
—
To generate a certificate with Server Authentication and Client Authentication, which is required if you
want to configure a neighbor or traversal zone with mutual authentication (TLS verify mode), type:
want to configure a neighbor or traversal zone with mutual authentication (TLS verify mode), type:
certreq -submit -attrib “CertificateTemplate:Webclientandserver”
C:\Users\<user>\Desktop\certcsr.der
C:\Users\<user>\Desktop\certcsr.der
set up the
Webclientandserver
certificate template.
—
To generate a certificate with Server Authentication only, type:
certreq -submit -attrib “CertificateTemplate:WebServer” C:\Users\<user>\Desktop\certcsr.der
This triggers the Certification Authority window to open:
Note that the command must be run as the administrator user.
3.
Select the Certification Authority to use (typically only one is offered) and click OK.
4.
When requested, save the certificate (browse to the required folder if the default Libraries > Documents
folder is not to be used) calling it server.cer for example.
folder is not to be used) calling it server.cer for example.
5.
Rename server.cer to server.pem for use with the Expressway.
Get the Microsoft CA certificate
1.
In your web browser, go to <IP or URL of the Microsoft Certificate Server>/certsrv and log in.
12
Cisco Expressway Certificate Creation and Use Deployment Guide
Authorizing a Request and Generating a Certificate Using Microsoft Certification Authority