cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1295
Views
35
Helpful
15
Replies

Cisco CWMS certificate will expired

akram.root
Level 4
Level 4

Hello team,

I hope you are doing well. 

I have a certification of cisco cwms will expired  soon , this certificate is generated by Godaddy. 

And i need to renewal this certificate before his exiration.

Could you give me the steps to renewal certificate on cisco cwms.

Best regards 

Akram 

15 Replies 15

Hi Nihin,

Thank you for your reply, 

I can upload  just certificate (by Godaddy) without  generated new csr ?

Best regards 

 

 

I don't think its possible to do with CWMS. you need to generate CSR and get it signed.

 

 

 



Response Signature


Simple answer, no you can not. What is your reason for not wanting to generate a CSR? This is the second question you ask with this as a criteria in two days. In my experience there are no issues or drawbacks by renewing certificates by a CSR. It’s a seamless and straightforward process that should be transparent to the users as long as they have the certificate(s) for the root CA in their trust store.



Response Signature


My reason is to directly install the new certification , without generating new CSR .

Best regards

 

That is the action you want to take, but it doesn't explain the reason for why you'd want to do it this way?



Response Signature


Another reason i am worry to lose the exist certificate when i am not getting the new cert by Godaddy. 

Creating a CSR will not have any effect on the current certificate. So you can send that to your CA of choice and then when you get the signed certificate back from it you’ll upload it to the system. That’s the first time that you affect the certificate on the system.

You should read up on what in PKI terminology in known as chain of trust.



Response Signature


As @Roger Kallberg  mentioned generating csr will not effect your existing certificates. 

When generating CSR make sure you add all required SAN fields.

 

 



Response Signature


And why we have this feild  in attachement about upload new certificate contain : private key and certificate ?

That has already been answered in your other thread as well as here

HTH

java

if this helps, please rate

The screen shot is for Expressway, as such it’s not relevant to your question in this post. As Java pointed out this has been answered in your other post.



Response Signature


On expressway its possible to upload the certificate with private key. So to renew the certificate  we upload the new  cert and private key .And if the Root CA is expired we need upload the root too.

 

But the same option is not available with all systems, and with the CWMS you need to do generate CSR and share it with the go daddy  to get new certificates. 

 

 



Response Signature


Doesn't seem like you understand how certificates/pki works if you want to do that, I strongly suggest you spend some time studying about certificates, how the CSR/certificate/private key are related to each other, CN/SAN, key usage and enhanced key usage, trust chain, etc.

Cisco UC greatly depends on certificates and you need to have a good/basic understanding of certificates if you're to manage Cisco UC.

 

Once you have a better understanding you'll see why what you're asking, given most products do not allow you to upload your certificate/private key, is simply not possible, and you MUST use a CSR. The private key generated upon CSR creation is not accesible and remains in the product.

HTH

java

if this helps, please rate