Cisco Unified MeetingPlace Express, Release 2.x -- Generating Certificate Signing Requests (CSRs) and Obtaining Certificates
This topic describes how to obtain certificates by generating certificate signing requests (CSRs) from the Administration Center and sending the CSRs to a CA that issues certificates. You only need to generate CSRs the very first time you are installing SSL or if you are replacing expired SSL certificates.
Caution! If you already have valid SSL certificates installed on your Cisco Unified MeetingPlace Express server, generating new CSRs will make the existing SSL certificates invalid. Proceed only if you are installing SSL certificates for the first time or if you are replacing expired SSL certificates.
- The certificates must be in privacy enhanced mail (PEM) format. See the Changing the Format of an SSL Certificate for information on converting certificate formats.
Before You Begin
- SSL must be disabled to generate CSRs.
- The CSRs and resulting certificates use the hostnames that were entered during the Network Setup of the operating system installation:
- The certificate for the End-User Interface and Administration Center uses the hostname assigned to Ethernet Port 1 (device eth0).
- The certificate for web conferencing uses the hostname assigned to Ethernet Port 2 (device eth1).
- If you change the hostnames in your system, you must obtain new certificates.
- See the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express Release 2.x for information about installing the operating system.
- Log in to Cisco Unified MeetingPlace Express and click Administration.
- Do one of the following:
- To obtain certificates for the primary server, click Certificate Management > Generate CSRs.
- To obtain certificates for the secondary server, click System Configuration > SMA Configuration > SMA Certificate Management > SMA Generate CSRs.
- Enter values in the fields on the Generate Certificate Signing Requests (CSRs) page (for the primary server or the SMA Generate CSRs page for the secondary server).
- Note: Some CAs do not recognize two-letter state abbreviations so use the full state name.
- Click Generate CSRs.
Caution! Only click Generate CSRs once. If you make changes to the values you entered on the page, for example, you change the organization name, and then click Generate CSRs again, the certificates you eventually receive will not work with your system. Do not make any changes to the values you entered on this page and do not click Generate CSRs more than once. Doing so will result in the certificates not working on your system.
- If SSL is enabled, the system displays a message stating that you cannot generate CSRs and takes you back to the Generate Certificate Signing Requests (CSRs) page.
- If SSL is disabled, the system displays a warning message stating that generating CSRs will destroy any existing private keys and public certificates in use. Any signed certificates that are currently pending will be deleted and you will have to reapply for them. Click OK to continue.
- On the Download Certificate Signing Requests page, select either of the CSRs and click Download CSR.
- In the File Download dialog box, click Save.
- In the Save As dialog box, do the following:
- In the Save in field, navigate to the directory where you want to save the CSR.
- Under File name, the name of the file is displayed. If your browser added anything to the file name, such as  in the middle, delete that.
- Under Save as type, select All Files from the drop-down list. (If you do not do this, the system saves the file with a .htm extension.)
- Click Save.
- Repeat Step 5 through Step 7 for the other CSR.
- Send these two CSRs to a CA, who will generate certificates and send them to you. (You can download the CSRs from your Cisco Unified MeetingPlace Express system to a PC and then use a standard e-mail program to e-mail the CSRs to a CA.)
- Note: The certificates must be in privacy enhanced mail (PEM) format.