02-07-2021 02:42 AM
Hello team,
I hope you are doing well.
I have a certification of cisco cwms will expired soon , this certificate is generated by Godaddy.
And i need to renewal this certificate before his exiration.
Could you give me the steps to renewal certificate on cisco cwms.
Best regards
Akram
02-07-2021 02:57 AM
Go through Generating SSL Certificates from below link.
02-07-2021 04:59 AM
Hi Nihin,
Thank you for your reply,
I can upload just certificate (by Godaddy) without generated new csr ?
Best regards
02-07-2021 05:22 AM
I don't think its possible to do with CWMS. you need to generate CSR and get it signed.
02-07-2021 10:10 AM - edited 02-08-2021 10:26 PM
Simple answer, no you can not. What is your reason for not wanting to generate a CSR? This is the second question you ask with this as a criteria in two days. In my experience there are no issues or drawbacks by renewing certificates by a CSR. It’s a seamless and straightforward process that should be transparent to the users as long as they have the certificate(s) for the root CA in their trust store.
02-08-2021 01:40 AM
My reason is to directly install the new certification , without generating new CSR .
Best regards
02-08-2021 01:54 AM - edited 02-08-2021 06:56 AM
That is the action you want to take, but it doesn't explain the reason for why you'd want to do it this way?
02-08-2021 01:00 PM
Another reason i am worry to lose the exist certificate when i am not getting the new cert by Godaddy.
02-08-2021 10:11 PM
Creating a CSR will not have any effect on the current certificate. So you can send that to your CA of choice and then when you get the signed certificate back from it you’ll upload it to the system. That’s the first time that you affect the certificate on the system.
You should read up on what in PKI terminology in known as chain of trust.
02-08-2021 10:40 PM
As @Roger Kallberg mentioned generating csr will not effect your existing certificates.
When generating CSR make sure you add all required SAN fields.
02-08-2021 01:06 PM - edited 02-08-2021 01:10 PM
02-08-2021 01:39 PM - edited 02-08-2021 08:57 PM
That has already been answered in your other thread as well as here
02-08-2021 10:13 PM
The screen shot is for Expressway, as such it’s not relevant to your question in this post. As Java pointed out this has been answered in your other post.
02-08-2021 02:00 AM - edited 02-08-2021 02:00 AM
On expressway its possible to upload the certificate with private key. So to renew the certificate we upload the new cert and private key .And if the Root CA is expired we need upload the root too.
But the same option is not available with all systems, and with the CWMS you need to do generate CSR and share it with the go daddy to get new certificates.
02-08-2021 05:46 AM
Doesn't seem like you understand how certificates/pki works if you want to do that, I strongly suggest you spend some time studying about certificates, how the CSR/certificate/private key are related to each other, CN/SAN, key usage and enhanced key usage, trust chain, etc.
Cisco UC greatly depends on certificates and you need to have a good/basic understanding of certificates if you're to manage Cisco UC.
Once you have a better understanding you'll see why what you're asking, given most products do not allow you to upload your certificate/private key, is simply not possible, and you MUST use a CSR. The private key generated upon CSR creation is not accesible and remains in the product.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide