Cisco Cisco Expressway 维护手册
replacing existing certificates for a particular issuer and subject, you have to manually delete the previous
certificates.
certificates.
n
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA
certificates, click Reset to default CA certificate.
certificates, click Reset to default CA certificate.
n
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a
human-readable form, or click Show all (PEM file) to view the file in its raw format.
human-readable form, or click Show all (PEM file) to view the file in its raw format.
n
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA
certificate.
certificate.
n
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click
Delete.
Delete.
certificate file.
Managing the Expressway's server certificate
The
Server certificate
page (
Maintenance > Security certificates > Server certificate
) is used to manage
the Expressway's server certificate. This certificate is used to identify the Expressway when it
communicates with client systems using TLS encryption, and with web browsers over HTTPS. You can:
communicates with client systems using TLS encryption, and with web browsers over HTTPS. You can:
n
view details about the currently loaded certificate
n
generate a certificate signing request
n
upload a new server certificate
Viewing the currently uploaded certificate
The
Server certificate data
section shows information about the server certificate currently loaded on the
Expressway.
n
To view the currently uploaded server certificate file, click Show (decoded) to view it in a human-readable
form, or click Show (PEM file) to view the file in its raw format.
form, or click Show (PEM file) to view the file in its raw format.
n
To replace the currently uploaded server certificate with the Expressway's original certificate, click Reset
to default server certificate.
to default server certificate.
Note: do not allow your server certificate to expire as this may cause other external systems to reject your
certificate and prevent the Expressway from being able to connect to those systems.
certificate and prevent the Expressway from being able to connect to those systems.
Generating a certificate signing request (CSR)
The Expressway can generate server certificate signing requests. This removes the need to use an external
mechanism to generate and obtain certificate requests.
mechanism to generate and obtain certificate requests.
To generate a CSR:
1. Go to
Maintenance > Security certificates > Server certificate
.
2. Click Generate CSR to go to the
Generate CSR
page.
3. Enter the required properties for the certificate.
l
l
if this Expressway is part of a Unified
Communications solution.
Cisco Expressway Administrator Guide (X8.1.1)
Page 180 of 343
Maintenance
About security certificates