Hi Oleksandr,

Thanks for your reply. 

The generated CSR from the Expressways already authorized by CA and provided me the files with .cer extension. I copied the files on my PC and converted the files to .pem so it can be used by Expressway base on the guide http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-7/Cisco-VCS-Certificate-Creation-and-Use-Deployment-Guide-X8-7.pdf on Appendix 3 using Microsoft Windows.

I'm trying to upload the PEM file on Maintenance > Security certificates > Server certificate but have error.

Any help? Also how to obtain the root certificate from CA?

Thank you

About error:

See: "Appendix 5: Enable AD CS to Issue "Client and Server" Certificates" in your manual. For sign expressway sertificates CA must use template with both Server and Client authentication.

About root sertificat (CA sertificat):

See: Managing the Trusted CA Certificate List  (page 11)

br Oleksandr

Hi Oleksandr,

Thanks again for big help.

We managed to create new certification template using Web Server-Client and successfully uploaded on the Expressway.

But I'm little bit confused on the Root Certificate. We already uploaded the signed certificate, we need also to upload the Root Certificate right? How can we obtain the root certificate for us to upload on the Expressway? Is this the same .pem file we just uploaded earlier on Expressway under Maintenance > Security certificates > Server certificate? Then we need to upload it under Maintenance > Security certificates > Trusted CA certificate?

We used Windows Server 2012 as our CA. 

Thank you for assistance.

Maintenance > Security certificates > Trusted CA certificate

Very nice guide here

See "Configuring the Trusted CA Certificate List on the VCS Expressway"  section .

br Oleksandr

Thanks for the link.

does it apply on version X8.7? The guide is for X7.2.2 and X8.1. and for Webex Meeting Center.

We are deploying MRA in our case. 

Thanks.