CSR certificate

We want to sign our Expressway certificate signing request (CSR)

Hi @Majid, and welcome to the LE community forum.

Until they (Cisco) incorporate an easy menu-driven method to install and renew certs...
You will have to:

  • look for an online client that accepts a CSR (simplest method)
  • use an ACME client that allows for using your own CSR (not so simple)

Of course, neither of these methods can be easily automated (possibly not at all).
So you will have to redo the step(s) every 60-90 days.

Things to keep in mind:

  • The FQDN must be from a public domain (not from .local or such).
  • There must be a way for you to prove control of the FQDN (usually via HTTP or DNS authentication).
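
The public-FQDN requirement above can be checked against a CSR before it is submitted. This is an added example, not part of the original post: the function names and the list of non-public suffixes are assumptions, and it relies on the `openssl` command-line tool being installed.

```shell
#!/bin/sh
# Added example: pre-flight check of the DNS names in a CSR.
# Function names and the suffix list are assumptions, not from the thread.

# Return 0 if NAME looks like a public FQDN, 1 otherwise.
is_public_fqdn() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=${name%.}                          # drop a trailing root dot
    case "$name" in
        *.*) ;;                             # needs at least two labels
        *) return 1 ;;
    esac
    case "$name" in
        *[!a-z0-9.*-]*) return 1 ;;         # not a DNS name (wildcard * allowed)
    esac
    case "${name##*.}" in                   # inspect the last label
        local|localhost|internal|lan|home|corp|test|example|invalid) return 1 ;;
        *[!0-9]*) return 0 ;;
        *) return 1 ;;                      # numeric or empty: IP address, not an FQDN
    esac
}

# Print the CN and every SAN dNSName in the CSR, one per line.
csr_names() {
    {
        openssl req -in "$1" -noout -subject -nameopt multiline |
            sed -n 's/^ *commonName *= *//p'
        openssl req -in "$1" -noout -text |
            grep -o 'DNS:[^,]*' | cut -d: -f2
    } | tr -d ' ' | sort -u
}

# Report each name; succeed only if at least one name exists and all pass.
preflight_csr() {
    csr_names "$1" | {
        seen=0 bad=0
        while IFS= read -r n; do
            seen=1
            if is_public_fqdn "$n"; then echo "ok      $n"
            else echo "reject  $n"; bad=1; fi
        done
        [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
    }
}

# Usage: sh preflight.sh expressway.csr.pem
if [ "$#" -gt 0 ]; then preflight_csr "$1"; fi
```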

Apparently they do have ACME support on some version: Cisco Expressway Certificate Creation And Use Deployment Guide (X12.5) - Use ACME on Expressway-E [Cisco Expressway Series] - Cisco

The main issue with renewing certificates on these types of devices is scripting the update so that the change can be automated (getting a certificate is relatively easy). If you can figure out how to script the update of the certificate file (e.g. via SSH) then this can be automated.


