02-19-2019 02:38 AM
Hello world,
in the "Mobile and Remote Access via Cisco Expressway Deployment Guide" there is a line that says:
Install on both Expressways the trusted Certificate Authority (CA) certificates of the authority that signed the Expressway's server certificates.
That makes sense, since each respective Expressway has to validate the presented certificate.
My question is whether it would also work to just upload the respective server certificate of each Expressway to each other?
This is just a hypothetical question.
Thank you in advance.
02-19-2019 07:01 AM
According to the help from that page, no, it would not, as you wouldn't have the full chain of trust:
The Trusted CA certificate page (Maintenance > Security > Trusted CA certificate) allows you to manage the list of certificates for the Certificate Authorities (CAs) trusted by this Expressway. When a TLS connection to Expressway mandates certificate verification, the certificate presented to the Expressway must be signed by a trusted CA in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
02-19-2019 07:25 AM
Okay, great. Thanks, Jaime. Just wanted to verify it. That explains why the server certificate is sufficient if the server certificate was self-signed, since there is no chain of trust.
Have a great day.
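The chain-of-trust behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cisco's code. It assumes the OpenSSL CLI as a stand-in for the Expressway's verifier and builds a constructed throwaway PKI (all names and hostnames are hypothetical) to show which trust lists let a CA-signed server certificate verify, and why a self-signed one verifies against itself.

```shell
#!/bin/sh
# Constructed throwaway PKI (hypothetical names): root CA -> intermediate CA -> server,
# plus one self-signed server certificate. Requires the openssl CLI.
PKI=$(mktemp -d)
cat > "$PKI/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF

csr() {        # csr NAME CN: new key and signing request
  openssl req -newkey rsa:2048 -nodes -keyout "$PKI/$1.key" -out "$PKI/$1.csr" \
    -subj "/CN=$2" -config "$PKI/x.cnf" 2>/dev/null
}
selfsign() {   # selfsign NAME SECTION: certificate signed with its own key
  openssl x509 -req -in "$PKI/$1.csr" -signkey "$PKI/$1.key" -days 1 \
    -extfile "$PKI/x.cnf" -extensions "$2" -out "$PKI/$1.pem" 2>/dev/null
}
issue() {      # issue NAME ISSUER SECTION: certificate signed by ISSUER
  openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$2.pem" -CAkey "$PKI/$2.key" \
    -CAcreateserial -days 1 -extfile "$PKI/x.cnf" -extensions "$3" -out "$PKI/$1.pem" 2>/dev/null
}
# trusted ANCHORS CERT: OpenSSL default chain building (no -partial_chain), so it
# succeeds only if CERT chains up to a self-signed root found in ANCHORS.
trusted() {
  openssl verify -CAfile "$PKI/$1" "$PKI/$2" >/dev/null 2>&1
}

csr root "Constructed Root CA";          selfsign root ca
csr int "Constructed Intermediate CA";   issue int root ca
csr server "expressway-e.example.test";  issue server int leaf
csr lone "expressway-c.example.test";    selfsign lone leaf
cat "$PKI/root.pem" "$PKI/int.pem" > "$PKI/chain.pem"

for anchors in server.pem root.pem chain.pem; do
  trusted "$anchors" server.pem && r=accepted || r=rejected
  echo "CA-signed server cert, trust list = $anchors: $r"
done
trusted lone.pem lone.pem && echo "self-signed cert, trust list = itself: accepted"
```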