
How to Renew the Expressway servers' cert.

Chi Fai Leung
Level 1

Hi,

My Cisco Expressway servers had signed the Godaddy SAN cert. and showed it expired.
Now, I am going to renew the cert. on my Expressway Edge server.
It allows me to upload the new server cert., and I must also upload the private key, but I did not get any private key when renewing the Godaddy SAN cert. Must I regenerate a new CSR when renewing? Was the private key generated previously, and did I have to keep it from before?

11 Replies

Jaime Valencia
Cisco Employee

VCS provides two ways in which you can upload the server certificate. The first one is that you generate the CSR, and VCS will automatically generate the private key. You just need to get the CSR signed, and then upload it. As the screenshot says, you don't have any CSR going on right now.

The other option is that you use another tool, like openssl, to generate the CSR/certificate AND the private key; that's when you use the other option.

You can use either one, if you just need to get a CSR signed, just use the first one.

The VCS documentation has a whole document dedicated to certificates, have you reviewed it???

HTH

java

if this helps, please rate

Renew the cert. = Regenerate the new CSR?

Yes, if all you want is to get a CSR signed, generate a CSR and have it signed.

You really should read the documentation around certificates as they're VERY important and you need to understand how they work.

http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-and-configuration-guides-list.html

HTH

java

if this helps, please rate

I'm actually in the same situation right now.  Godaddy automatically renewed the existing cert using the key that was used on the original cert.  However, it seems that the expressway server is forcing one to re-upload the same private key from a year earlier.  If you have not kept your key in a safe place and/or have misplaced/deleted it, you will be forced to 1) generate a new private key CSR and 2) revoke the renewal certificate from Godaddy and generate a new one based on the new CSR just created.

Most other systems I use allow a certificate to be renewed without the original private key, as this should already be stored securely by the system.  Guess it can't all be a breeze.

edit: forgot to add that extracting the private key out of Expressway requires CLI root access and an unpublished command to display the private key.  Maybe TAC has this command; I don't have it saved :|

If you have root access to your VCS, you can download the private key that was uploaded from your existing certificate using WinSCP.  The directory certificates and private keys get uploaded to is located under root/tandberg/persistent/certs.

Hi Patrick (+5)

Came across this post while looking for a way to delete an expired server cert on our Expressway servers. I was able to find the old server certs in this folder. Thanks

Please rate all useful posts

Hi Ayodeji


I want to delete certs that expired in February 2019. From the attached, which one should be deleted?


Thanks

Patrick, after logging in to my Expressway, I observed that I do not see any expired server certs. Looks like Expressway only keeps a copy of the server cert and doesn't retain the old ones. I have an issue where my monitoring software keeps generating alarms for a cert that is about to expire even though I have renewed the cert.

Or is there a folder where old expired certs are kept?

Please rate all useful posts

That's the only folder that I'm aware of.

Could the alert be coming from an old certificate CA that was included with the VCS/Expressway?

Depending on when the server was installed, with earlier versions (I believe it was before X8.x software), Cisco did include a bunch of default CAs.

It's on X8.8.1 and I am pretty sure the alert is for the old server cert because of the date. I am just not sure where it's getting it from since those certs no longer exist on the servers.

Please rate all useful posts

Another way to obtain the private key PEM is to make a backup and decompress it. The golden file is in the Tandberg subfolder.
Regards.
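
A check worth running before uploading, as an added example that is not part of the original thread: it confirms that a renewed certificate (or a freshly generated CSR) carries the same public key as the private key file you hold, whether that key came from the certs directory or from a backup as described in the replies above. The file names, the host name `expe.example.com` and the helper function names are constructed for illustration; it assumes unencrypted PEM files and the `openssl` CLI.

```shell
#!/bin/sh
# Added example. All file names and the host name are constructed placeholders.
# Assumes unencrypted PEM files and the openssl CLI.

# Public key (PEM) derived from a private key.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) embedded in a certificate or a CSR, re-encoded the same way.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl pkey -pubin -pubout 2>/dev/null; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null | openssl pkey -pubin -pubout 2>/dev/null; }

# same_key KIND FILE KEYFILE -> exit 0 only if both parse and carry the same public key.
same_key() {
    case "$1" in
        cert) other=$(cert_pub "$2") ;;
        csr)  other=$(csr_pub "$2") ;;
        *)    return 2 ;;
    esac
    mine=$(key_pub "$3")
    # Empty output means a file failed to parse; never treat that as a match.
    [ -n "$mine" ] && [ -n "$other" ] && [ "$mine" = "$other" ]
}

# Build constructed sample files in directory $1:
#   old.key + renewed.crt (CA reused the original key), new.key + new.csr (fresh pair).
make_samples() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/old.key" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/new.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/old.key" -subj "/CN=expe.example.com" -days 30 \
        -out "$1/renewed.crt" 2>/dev/null &&
    openssl req -new -key "$1/new.key" -subj "/CN=expe.example.com" -out "$1/new.csr" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || { rm -rf "$d"; return 1; }
    for k in old.key new.key; do
        if same_key cert "$d/renewed.crt" "$d/$k"; then echo "renewed.crt matches $k"
        else echo "renewed.crt does NOT match $k"; fi
    done
    if same_key csr "$d/new.csr" "$d/new.key"; then echo "new.csr matches new.key"; fi
    rm -rf "$d"
}
demo
```

A mismatch against every key you hold means the original key is gone, which is the case where a new key and CSR are needed and the certificate has to be reissued against that CSR.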