Server Certificate regeneration - Cisco Expressway

techguy · ‎04-02-2018

Hi All,

I have one standalone expressway C & E where "Server certificate" going to be expired soon.It was created Using Microsoft Certification Authority.

Now i want to renew it. I followed "Cisco Expressway Certificate Creation and Use"guideline and found that we need to generate CSR file. Then that file is copied to local file system so that it can be sent to a certificate authority (Microsoft Certification Authority). At this moment, i am clueless.

Can someone guide me that how to renew it? Thanks a lot.

lior look · ‎04-05-2018

Step 1 - after you click for new CSR you need to download the file to your desktop (.csr extension) and send the file to the CA manager.

Tell the manager to insert (or making a template) into the certificate the following requirements:

Enhanced key usage: server and client authentication

Key Usage: Digital Signature, Key Encipherment

Public Key Size: 4096bits (recommended by Cisco)

From version X8.5.1 the user interface provides an option to set the Digest algorithm. The default is set to SHA256, with options to change to SHA-1, SHA-384, or SHA-512.

ask the manager what algorithm the CA is support

Step 2 - you will except to getting back an certificate (in most cases the file's extension will be .crt or .cer, so you should change that to .pem)

Step 3 - Go back to the page of the CSR management in the Expressway and upload the certificate.

SagarN · ‎03-26-2020

Do I need to install root certificate at the time of renewal of Expressway E SSL certificate?