02-21-2016 07:11 PM - edited 03-18-2019 11:49 AM
Hello Everyone,
I have a question regarding Expressway certificates. As you know, I have to install certificates between C and E to create a traversal zone. And to disable the pop-up after login from Internet, I have to install a public signed certificate.
My question is, can I install certificates as below:
Expressway-C: ONLY a signed certificate from my own CA (inside the organization).
Expressway-E: a signed certificate from my own CA and another certificate signed by Public CA.
Regards,
02-21-2016 07:50 PM
Yes, simply install all the root certs as necessary so they trust each other.
02-21-2016 08:18 PM
Thank you for your support,
but how Jabber/Expressway will know which certificate to use? Do I need to configure something?
02-21-2016 09:34 PM
Have you reviewed the MRA guides???
Jabber clients must verify the identity of the VCS Expressway they are connecting to by validating its server certificate. To do this, they must have the certificate authority that was used to sign the VCS Expressway's server certificate in their list of trusted CAs.
02-22-2016 04:19 AM
One Expressway server (Expressway -C or -E) uses a single and only one certificate when communicating with servers/clients eg Jabber.
But a server can verify the identify of multiple servers through certificates signed with different authorities.
To make a server trust the certificate of another party, you mustadd the root certificate of the CA that signed/generated that certificate to its trusted root certificate store..
Expressway communicates with his (single) certificate but can trust many.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide