10-31-2023 02:18 AM
Hi guys
we had some issues this morning with our B2B calls, we update the public identity cert each year on the expressway E, we don't normally have to do anything with the expressway C.
We did have to put a new public root cert on the E also this year, however when we did this, it broke the tunnel between the C and E and stopped our video calls from working.
I then copied the new public cert to the C, did a reboot and it was then all OK.
I thought that the Exp C only requires our internally signed certs to create the tunnel between the C and E.
Does the C also need the public root certificate on it?
Cheers
Solved! Go to Solution.
10-31-2023 02:34 AM - edited 10-31-2023 02:34 AM
Yes, the C also needs to have the public root CA's from E, the same as E needs the private root CA's from C.
This is known since the beginning / hasn't changed and is not specific to Cisco / Expressway. You always need to upload the root CA's from the opposite server.
And if you would check out the uploaded root CA's in C, you would also see the old public Root CA's in there.
10-31-2023 02:34 AM - edited 10-31-2023 02:34 AM
Yes, the C also needs to have the public root CA's from E, the same as E needs the private root CA's from C.
This is known since the beginning / hasn't changed and is not specific to Cisco / Expressway. You always need to upload the root CA's from the opposite server.
And if you would check out the uploaded root CA's in C, you would also see the old public Root CA's in there.
10-31-2023 02:35 AM
Hello, yes, Exp-C must trust to Exp-E certificate. And for this trust you must upload root certificate of Exp-E signer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide