Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
1
Replies

Cisco CWS HTTPS certificate

Sean Alexander
Level 1
Level 1

‎07-06-2015 04:07 AM - edited ‎03-08-2019 05:37 PM

Hi All,

 

I am trying to use AD generated certificate in CWS but always get Invalid certificate when trying to upload.

 

So I am generating a CSR on CWS and requesting a cert through AD Certificate services, I recieve a cert.cer file which CWS will not accept. Can anyone point me in the right direction on how to generate and upload an internally signed cert to CWS.

 

Thanks,

Labels:
0 Helpful
1 Reply 1

SriSagar Kadambi
Cisco Employee
Cisco Employee

‎07-06-2015 04:23 AM

Hi Sean,

There are some issues with this particular feature on the portal as of now.

Please raise a TAC case and provide the following details. The certificate can be uploaded manually from the backend :

  • Generate a private key (2048 bit RSA) and CSR
  • Have the CSR signed (include the extensions mentioned below)
  • Send the private key and signed certificate (PEM or DER encoded) to TAC, who will escalate it to DBA
  • Also provide name and description for certificate that needs to be uploaded.

The certificate must include the following details:

  • RSA private/public keypair length of 2048 bits
  • SHA1 hashing should be used for signing purposes
  • The following extensions are required in the signed certificate:
        X509v3 extensions:
          X509v3 Key Usage: critical
            Certificate Sign, CRL Sign
          X509v3 Basic Constraints:
            CA:TRUE

PLEASE ENSURE ALL OF THE ABOVE MENTIONED ARE PROVIDED TO THE CSE.

0 Helpful
Customers Also Viewed These Support Documents