cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
535
Views
2
Helpful
4
Replies

Uploading Signed certificate to Cisco WSA

lmoceze
Level 1
Level 1

Hello there,

Im trying to replace the self-signed certificate on a Cisco WSA / HTTPS Proxy, but nothing happens.
I created a Certificate in the GUI, then Downloaded the CSR, got it signed, but when I try to upload it, nothing happens.
I browse the file, it files itself shows next to the Browse button, then I click Upload file - then the page refreshes, and the Certificate above stays the same (the Expiration Dates are different, so thats a clear indication.)
I have tried .cer, .pem, .pfx as well, it is the same with all of them.

Did anyone had that problem before? I am using 12.5 and 14.0 - they are acting the same (and I would like to solve that via GUI instead of CLI/certconfig).

Thanks a lot!

4 Replies 4

amojarra
Cisco Employee
Cisco Employee

hello @lmoceze 

I would say it is best to:

[1] generate the CSR 

[2] Submit and Commit the changes

[3] Sign your certificate

[4] make sure the CA server is in the trusted root CA list in the WSA, if not:

[4-1] Import the root CA to the WSA -> then commit 

[4-1] Import any intermediate CA to WSA -> then commit  

[5] Import your Decryption certificate to the WSA

[6] Submit and commit 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

Hey there!
Oh you are right, I have forgot to mention that the Root CA is already in the list.
Do I add the intermediate CA to the Trusted Root CA or somewhere else?
Also, it might happen that I might just generated a cert, then created CSR, but did not Submit, then Commit -> will it work that way too?
Thanks!

amojarra
Cisco Employee
Cisco Employee

Thanks @lmoceze 

sorry for not being clear in my previous post, 

short answer is Yes to both, 

If we do not submit and commit after we generate the CSR, there will be some issues while importing the signed certificate.

regarding the Intermediate, exactly as you mentioned, same path that you import the Root CA, 

side note here: the order of importing the Root and Intermediate CA cert is important, we need to first import the root CA, Submit , commit, 

then the intermediate and Submit ,Commit

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks for the infos!
I will try the steps and I will let you know