CSR CREATION & INSTALL SSL CERTIFICATE IN CISCO UNIFIED MOBILITY ADVANTAGE 
 

CSR CREATION FOR CISCO MOBILITY SERVER 

If you already have your SSL Certificate and just need to install it, see SSL Certificate Installation for Cisco Mobility Server below.

 

HOW TO CREATE A CSR FOR A CISCO UNIFIED MOBILITY SERVER

For those who may not be familiar with SSL certificate management using an SSL keystore file, Cisco Unified Mobility Servers have a built in interface to help guide you through your CSR creation process.

Note: During the initial server configuration you may have created a self signed certificate. These instructions aim not at creating a self signed certificate, but a fully functional, CA signed ssl certificate.

 

CREATE YOUR KEYSTORE/CSR

1.  From the Cisco Unified Mobility Advantage Admin Portal, choose the 'SSL Certificate Management' option, and then 'Generate New Certificate'.

2. Enter the requested information into the provided fields:

  • Server Name: Also known as your common name, this is usually the fully qualified domain name through which your server will be accessed externally (e.g., www.yourdomain.com or *.yourdomain.com).
  • Department Name: The name of your department within your organization. If this is not applicable, go ahead and enter the organization name twice.
  • Company Name: The full legal name of your organization. For example, if your organization is named Example Company Name, Inc, but goes by Example, enter Example Company Name, Inc.
  • City: Usually the main office of your organization. The city does not need to be the city where you or your server is located.
  • State: Usually the location of your organization's main office. Once again, this does not need to have a bearing on your current location or the location of your server.
  • Country Code: If this is not familiar to you, you can find your country code here.
  • Password: You will need your password to modify your keystore later. This password should be a minimum of six characters in length.

3. Click the button to 'Submit'.

4. A screen should appear with a link to download your keystore file. You can name the keystore anything you like, give it a .keystore extension.
 

5. If there is also a link to download your CSR, download and save that file now. Otherwise, go back under 'SSL Certificate Management' and choose to 'Retrieve CSR'.

6. You will have to select the keystore file that was just created, enter your password, and then click 'Submit'.

7. A CSR will usually be saved as a .csr or .txt file.
 

8. The entire body of your CSR file will need to be copied and pasted into the box provided during TRUSTZONEs online order process. When asked by TRUSTZONE to select your server type, make sure to select Java.
 

9. After you receive your SSL Certificate from TRUSTZONE, you can install it.

 

IMPORTING YOUR SIGNED SSL CERTIFICATE FILES TO THE KEYSTORE
 

1.  Log onto your Admin Portal and select 'SSL Certificate Management'.
 

2. Choose the option to 'Import SSL Certificate'.

3. Browse to the keystore file created during the CSR creation process. In the password field, enter the password you created when creating the keystore file.<

4. For Intermediate Certificate, choose false. Then, paste in the entire body of the your_domain_name.p7b file that you will have received from TRUSTZONE.

5. If you did not receive a .p7b format file, you may need to reissue your certificate, making sure to choose Java as your server type.

6. Click 'Submit', then download the final SSL certificate keystore file. You can name the file anything you choose, such as mykey.keystore.

7. Your keystore is now ready for use.

ENABLING YOUR SSL CERTIFICATE IN THE CISCO UNIFIED MOBILITY ADVANTAGE ADMIN PORTAL  
 

1.  Log into the Admin Portal and select 'SSL Certificate Management'.

2. Choose the option to 'Upload Certificate', browse to your newly created keystore, and enter the same password that you used when creating the keystore to enable the certificate for use by your server.

3. Go to Server Controls > Cisco > Control Server, and then stop and start your Managed Server

4. Your server should now be configured to use your newly created keystore and certificate files.

5. Your certificate file can be exported for use with other Cisco devices using keystores, including any applicable proxy servers.
 

TROUBLESHOOTING 
  • If your secure server is publicly accessible, our SSL Certificate Check tool can help you diagnose common problems.
     
  • Open a web browser and visit your site using https. It is best to test with both Internet Explorer as well as Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, then the server may not yet be listening on port 443. If your web request takes a very long time, and then times out, a firewall blocking traffic on TCP port 443 to the web server.
     

Last updated: August 4, 2017