Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


install a certificate on Cisco ExpressWay

The method of installing the certificate on Cisco ExpressWay depends on how you generated the CSR

  • CSR generated via Cisco ExpressWay interface: see below

  • CSR generated via a command line tool like OpenSSL: you will have to import the private key (not password protected) in Cisco ExpressWay

  • CSR generated via our online Keybot tool: the private key (.pkey file) being protected by a password, it will be necessary to remove it.
    To do this, you can use OpenSSL (more information) orour online tool
    Once this is done, you can follow the procedure below.

Installation of the certificate

To find your certificate, it is available either via a link in the delivery email, or via the status page of your certificate, "View certificate" button.

  • Go to Maintenance > Security certificates > Server certificate
    For version X7.2.2, go to Maintenance > Certificate Management > Server certificate

  • In the "Upload new certificate" section, click on Browse to get your certificate
    If you generated your CSR other than through the Cisco ExpressWay interface, you must also enter your private key in the "Select the server private key file" field.

  • Click on Upload server certificate data

Configuration of root and intermediate certificates

According to official Cisco documentation, the configuration of intermediate and root certificates differ greatly depending on the version of Cisco ExpressWay.

To find your certification chain as well as the root certificate of your certificate, go to the status page of your certificate, button "View certificate". On the pop-up that appears, click on the "View the certification chain" link to see the intermediate certificates, or click on "View the root certificate" to see the root.

Cisco ExpressWay X7.2.2

In this version, there is already a pre-established list of 140 authority certificates. If necessary, it is possible to add more. This will be the case for example when there will be one or more intermediate certificate (s) in the certification chain

  • Go to Maintenance > Certificate management > Trusted CA certificate

  • Click on Show CA Certificate

  • Copy paste the entire content in a text editor (Notepad for example)

  • Find (Ctrl + F) if your root certificate is present. If not, add it.

  • Once the root certificate is present, copy the intermediate certificate linked to this root certificate just above it.
    Please note : if your certification chain includes several intermediate certificates, you must also copy it to this file. However, be careful to respect the hierarchical order below:
    • 1st intermediate certificate
    • 2nd intermediate certificate (if present)
    • Root certificate

  • Once all this is done, save the file in PEM format, for example "certificates_autorities.pem"

  • On the "Trusted CA Certificate" page, clickBrowse to enter the file you have just saved and then click on Open

  • Finally click on Upload CA certificate

Cisco ExpressWay X8.1

For this version, there is no preinstalled certificate. It is up to you to import the root and intermediate certificates used for your certificates.
For information, here are two links that will allow you to access all of these authority certificates:

you can also find your root certificate and / or your intermediate certificate from the certificate status page, "View certificate" button. Once the certificate is downloaded, rename its extension in .pem
To import a root or intermediate certificate:

  • Go to Maintenance > Security certificates > Trusted CA certificate

  • Click on Browseand fill in the certificate path.

  • Next, click on Open

  • Finally, click on Append CA Certificate

Useful links