Adding an Existing Certificate to Cisco Expressway Edge

I currently have a certificate that provides the HTTPS functionality for this website as well as my web mail access.  As there is the capability to add Subject Alternate Names (SAN) to the certificate, it was ideal to enable the existing certificate for the Cisco Expressway Edge server.  The requirements with Cisco’s Expressway server is that a private key decryption password is not allowed, and my private key requires a password.

This is more of a unique configuration as a traditional installation would generate the certificate request from the Expressway web page, take the CSR file to their certificate authority, and reimport the paid-for keys.  For me, I used an Ubuntu server to generate the private keys used for the certificate generation and also add a password to allow access to said private keys.

In my referenced setup, I have a *.key file which is the generated private key.  The configuration to output that key into a new file without a pass phase is surprisingly easy once the syntax is correct.

root@blog:/etc/ssl/private# openssl rsa -in private.key -out nopasswordprivate.key -passin pass:Password01!

In this example, the example password used to sign the key was Password01!. With that nopasswordprivate.key file created, I was then able to use that file as the private key input for Cisco’s Expressway server.   I then used the provided certificate as the server certificate file.

Expressway Edge Confirmation

After a reboot, the certificate was applied.

Expressway Edge Signed Certificate










Thanks for reading! This is certainly in part a reminder for myself when my certificate is renewed again in January. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *