05-10-2020 12:37 PM
I'm setting up Expressway E and C clusters for MRA. I'm looking at the documentation for CSR process and it's not clear how the Xway C works with the Let'sEncrypt CA.
Let'sEncrypt must be able to reach the cluster for domain validation. This is fine for the Xway E cluster but the Xway C cluster has private addresses and cannot be reached by Let'sEncrypt.
Is it just not possible to use ACME for the Xway C cluster or does the CSR generated on the Xway E cluster also take care of the C cluster somehow?
Solved! Go to Solution.
05-10-2020 05:47 PM
For MRA the only server you want a public CA cert, is EXP-E, all other servers can use private CAs, or self-signed (though self-signed means there will be a lot of certificate exchange going on for all the trust to work)
05-10-2020 03:42 PM
05-10-2020 05:47 PM
For MRA the only server you want a public CA cert, is EXP-E, all other servers can use private CAs, or self-signed (though self-signed means there will be a lot of certificate exchange going on for all the trust to work)
05-10-2020 10:38 PM
You would need to put the root CA and any intermediate certificate into the clients trust store for it to trust the CA that signed the certificate. You’d also have to put the root CA and intermediate certificates of Let’s Encrypt in the trusted CA list on C for it to trust the certificate of the E for its internal communication between each other.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide