Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
1
Replies

ExpressWay-E certificates

Tieken Maas
Level 1
Level 1

‎03-27-2020 02:53 AM - edited ‎03-27-2020 03:15 AM

Hello everyone,

 

I'm a bit puzzled as to the following point. Initially, we deployed Expressway-C and -E nodes and used "grey" certificates for the traversal zone. We installed a Windows 2008 based CA, with a self-singned root certificate, and server certificates for both -C and -E nodes were issued using this CA. The traversal zone is ok.

 

Now the customer would like to use a public "white" certificate for -E node so that WebRTC clients don't receive a warning about a non-reliable certificate. The question is whether we can upload one more server certificate (signed by a public CA like Let's Encrypt) to -E node or not? Won't it disrupt the traversal zone?

 

ExpressWay version is 8.11.4

Regards,

Tieken

0 Helpful
1 Reply 1

Jaime Valencia
Cisco Employee
Cisco Employee

‎03-27-2020 08:31 AM

No, you can only have one server certificate on the expressways, you'll need to generate a new CSR from EXP-E or your own from openssl (or any other tool you like), have it signed, and upload it.

If I recall correctly, it does call for a reboot so services can start using the new certificate.

If you keep the trust chain and the same CN/SAN there should be no problem with your traversal zone.

HTH

java

if this helps, please rate
0 Helpful
Customers Also Viewed These Support Documents