I'm currently deploying expressway for MRA. I'm having trouble with the zone I created between expressway C and E, the status failed.
I have uploaded server certificate for both servers and uploaded CA on Trusted CA.
Expressway C Zone status
Expressway C Secure Traversal Test
Expressway C Trustes CA Certificate
Expressway E Zone Status
Expressway E Trusted CA Certificate
From the error its because of the Certificate which you uploaded.
Can you explain more on how you signed the certificates and which server/CA certificates you uploaded on each servers.
The certificates that says Not a CA should not be in the trusted CA trust store, please remove them. This is not directly related to your issue, but newer the less it is not accurate or needed to be there. What you do need to have is the certificate(s) of the CA(s) that’s signed each of the C and E certificates uploaded on both the C and E in the trusted CA trust store. This is so that the E can verify the validity of the C and the reverse.
On the Traversal test you have not filled in the name of the C that you want to verify. See the below screenshot for reference.
Apart from this can you please share screenshots of the entire traversal zone configuration from both C and E?
