cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1964
Views
0
Helpful
4
Replies

Installing a Renewed (or replacing with wildcard) cert from GoDaddy on Expressway server

WestlakeIT
Level 1
Level 1

I originally posted this in security since it's a question about SSL certs, but I was told since it's for a voice product I might find better help here.

Hello, I'm needing to install either a renewed GoDaddy cert, or my boss suggested the wildcard cert, onto a Cisco Expressway-E server, but all the instructions I found talk about creating a CRS key and then getting the cert with the new CRS key.  I found a video where some guy just installed the renewed cert like it wasn't even a thing, just uploaded the single file and that was that.

I'm confused now.  I'm not a security tech, and I don't want to break it if I do it wrong.  Can I just upload the new GoDaddy cert?  If I install the wildcard cert instead what all do I need?

4 Replies 4

Jaime Valencia
Cisco Employee
Cisco Employee

There are only two options, but without knowing exactly what you plan to use that certificate for, my best recommendation is to engage a reputable consultant or a Cisco partner WITH voice specializations to discuss exactly what that exp-e is used for, and what would be required in the certificate for everything to work properly.

 

If you still want to go ahead, the two options are:

A) Generate a CSR on the server, have it signed, then upload the signed certificate which will match the private key that is in the server.

B) Generate the private key and the CSR or certificate with any other option you want to use, and then upload the signed certificate and the matching private key.

HTH

java

if this helps, please rate

Leonardo Santana
Spotlight
Spotlight

Hi,

Look this videos i think it might helps you:

 

Here is the URL for a video that explains how to extract the private key from your Expressway server: https://video.cisco.com/video/5828517977001

Here are some steps that may also help you while installing new certificates in the Expressway servers.

How to generate a CSR in EXPWY servers: https://video.cisco.com/video/5809964179001

 

How to install a server certificate in the EXPWY servers (procedure for the intermediate is the same as for the root): https://video.cisco.com/video/5819742564001

 

 

How to generate trust between EXPWY-C and EXPWY-E: https://video.cisco.com/video/6120786941001

 

 

EXPWY Certificates Guide: https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-9.pdf

 

How to extract the private key form an EXPWY server: https://video.cisco.com/video/5828517977001

 

Certificate Key Matcher: https://www.sslshopper.com/certificate-key-matcher.html

 

Regards

 

Leonardo Santana

Regards
Leonardo Santana

*** Rate All Helpful Responses***

Are you going to renew or you got the renewed certificate ?

 

Below mentioned is a production expressway-E certificate with CN=*.domain purchased from Digicert, if you look int to the DNS fields it contain all the name which I included in the CSR.

 

But with goDaddy wildcard certificate, my experience is  they don't provide the DNS entries which we requested in CSR instead of that they mention only *.domain. and this will effect features like MRA. 

 

 

Screen Shot 2020-07-29 at 5.04.54 AM.png

 

goDaddy is cheap compared to Digicert, but the support is worst. 

 



Response Signature


For a similar CSR below is the wildcard  certificate which we  received from Godaddy. when customer opted SAN certificate for the same CSR, GoDaddy provided certificate with all DNS fields.

 

Screen Shot 2020-07-29 at 9.56.39 AM.png

 

 

 



Response Signature


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: