Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
1
Replies

Certificate CSR issue with Expressway 8.2

mark.watson
Level 1
Level 1

‎12-08-2014 06:16 AM - edited ‎03-13-2019 08:45 PM

I am trying to install certificates on Experssway 8.2 and even though I generated the CSR on the system, the server must not think that I have as the server shows "There is no certificate signing request in progress".  Consequently, it is asking for the private key which I do not have as the private key is embedded in the certificate.

 

How can I import the CSR that I downloaded from the server in the first place so it stops asking me for the private key?

Labels:
0 Helpful
1 Reply 1

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎12-08-2014 08:39 AM

I am not sure what's going on, but perhaps you can use the steps below to review your certificate sing request generation...

Generating a certificate signing request (CSR)

A CSR contains the identity information about the owner of a private key. It can be passed to a third-party or internal certification authority for generating a signed certificate, or it can be used in conjunction with an application such as Microsoft Certification Authority or OpenSSL.

Creating a CSR using Expressway

The Expressway can generate server certificate signing requests. This removes the need to use an external mechanism to generate and obtain certificate requests.

To generate a CSR:

1.

Go to Maintenance > Security certificates > Server certificate.

2.

Click Generate CSR to go to the Generate CSR page.

3.

Enter the required properties for the certificate.

l

See Server certificates and clustered systems [p.5] if your Expressway is part of a cluster.

l

See Server certificates and Unified Communications [p.6] if this Expressway is part of a Unified Communications solution.

l

The certificate request includes automatically the public key that will be used in the certificate, and the client and server authentication Enhanced Key Usage (EKU) extension.

4.

Click Generate CSR. The system will produce a signing request and an associated private key.

Note that the private key is stored securely on the Expressway and cannot be viewed or downloaded. You must never disclose your private key, not even to the certificate authority.

5.

You are returned to the Server certificate page. From here you can:

l

Download the request to your local file system so that it can be sent to a certificate authority. You are prompted to save the file (the exact wording depends on your browser).

l

View the current request (click Show (decoded) to view it in a human-readable form, or click Show (PEM file) to view the file in its raw format).

Note that only one signing request can be in progress at any one time. This is because the Expressway has to keep track of the private key file associated with the current request. To discard the current request and start a new request, click Discard CSR.

You must now authorize the request and generate a signed PEM certificate file. You can pass it to a third-party or internal certification authority, or use it in conjunction with an application such as Microsoft Certification Authority (see Authorizing a request and generating a certificate using Microsoft Certification Authority [p.7]) or OpenSSL (see Operating as a Certificate Authority using OpenSSL [p.15]).

When the signed server certificate is received back from the certificate authority, it must

Please rate all useful posts
0 Helpful
Customers Also Viewed These Support Documents