cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11399
Views
10
Helpful
9
Replies

Invalid certificate: Unrecognized CA. This certificate is not currently trusted by the Expressway. This is because the CA certificate is not in the trust store.

eslam rizk
Level 4
Level 4

I am Trying to upload Server Certificate for Expressway C and E in my Test Environment, but i am getting below Error message:

Invalid certificate: Unrecognized CA. This certificate is not currently trusted by the Expressway. This is because the CA certificate is not in the trust store.

 

2019-10-10_223305.png

 

I was able to upload CA Root Certificate on C and E

 

2019-10-10_223305.png

 

and then tried to upload CRL List , but still couldn't upload C and E Server Certificate

My Deployment is : Windows 2012 acts as DNS/AD/CA and Expressway 8.10.4 with UCM 12.0

+++++++++++++++++++++++++++++++++++++++

I have followed the section : Enable AD CS to Issue"Client and Server Certificates

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-10/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-10.pdf

 

CA Root Cert , CSR and Expressway C Signed Cert attached

I just attached it as .txt as its only allowed ext for attachments , change Certs to .CER to and certcrl to .crl

9 Replies 9

Jaime Valencia
Cisco Employee
Cisco Employee

SHA1 has been deprecated for quite some time, even VCS changed to SHA256 as the default for the CSRs back in 2015.

 

HTH

java

if this helps, please rate

I have reinstalled CA Role with using SHA256 ,

Reissue the Certificate, but still getting same error message 

 

I am attaching Both CA and Expressway C signed Cert using SHA256

 

Finally I wasa able to upload the CA and Server Certificate to C and it was accepted

but when i tried to do the same for E , Faced Same error

 

hi ,

i have same problem , how you reslove that !!

advice me plz

Recently I had the same problem, it was caused because the NTP had an incorrect date, so if the certificate validation date is in future, you always received the message. "Invalid Certificate: Unrecognized CA".

Thank you it after configurer NTP, it work for me 

Tks... It was the Windows Server Time

Hi eslam,

May i know how you over come the error - ""nvalid certificate: Unrecognized CA. This certificate is not currently trusted by the Expressway. This is because the CA certificate is not in the trust store.

Thank you !

bhelvacioglu
Level 1
Level 1
I had the same problem. Windows DC root Cert is installed on ExpC but I wass getting the error.
Hello,

When I check the NTP on ExpC and check the DC time, I realize that the time is different.
I change the NTP (NTP was working on windows router in my environmen ) and reboot the ExpC. After reboot CA signed certificate install successfully.