New Member

Two WSAs with HTTPS Proxy: one certificate for both or two separate certificates?

We have two WSAs with enabled HTTPS Proxy, they are behind a load balancer. I have two questions:

- Is it possible to export the already implemented self-signed certificate and its private key from WSA1 to import it into WSA2, so that both use the same certificate? 

- If not, are there any issues if each WSA has its own self-signed certificate and we push both certificates to the trusted root CAs of our clients?

 

I could not find any relevant info in the manuals. Thanks for any input.

 

3 REPLIES

I haven't tried with the self-signed one; you may have an issue if it doesn't let you download the key. I don't think it will.

Double check me:

On the box you want to export from, go to Security Services/HTTPS Proxy.

Click on the Edit Settings... button at the bottom. There should be a link there to download the cert...

Download it, check if the key is there. You can open the PEM file with NOTEPAD, and if the key is there, you'll see it...

 

 

The cert and key are in the config file... I'm not sure if the SMA will duplicate certs/keys between boxes, but I think it does, so if you're using one you may just need to import the config and push it down to both boxes again.

 

Otherwise you could load the config from one box onto the other (if you're running pre-8.0, remove the network stuff; if you're running 8.x, make sure the "Load Network Settings" box is unchecked).


 

 

 

New Member

Thanks for your reply.

I had already checked that, unfortunately in the PEM file there is no private key exported.

We also have no SMA to try and duplicate it.

For now we solved it like this:

Each WSA has its own certificate, we pushed both to the clients. 

New Member

System Administration - Configuration File 
Download current configuration, untick "mask passwords".

You will find both the cert and the key in the XML.
However, the key is password protected... Still waiting for support to tell me where I find this password.
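
The check discussed in the replies above (is the private key in the exported PEM, and is it password protected?) can be scripted instead of read by eye in Notepad. This is an added example, not part of the original thread and not Cisco code; it assumes the key, where present, is stored as PEM-armored text, and the `<config>` wrapper and base64 bodies in the samples are constructed placeholders, not the WSA's real schema or key material.

```python
import re

# PEM armor (RFC 7468): -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def inventory_pem(text):
    """Classify every PEM block found in text (a .pem export or a config dump)."""
    found = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label == "ENCRYPTED PRIVATE KEY":
            kind = "private key, encrypted (PKCS#8)"
        elif label.endswith("PRIVATE KEY"):
            # Legacy OpenSSL format flags encryption in a header inside the block.
            if "Proc-Type: 4,ENCRYPTED" in body:
                kind = "private key, encrypted (legacy PEM)"
            else:
                kind = "private key, CLEARTEXT"
        else:
            kind = "other"
        found.append((label, kind))
    return found

def key_status(text):
    """One-line answer to 'is the key there, and is it protected?'"""
    kinds = [kind for _, kind in inventory_pem(text) if kind.startswith("private key")]
    if not kinds:
        return "no private key present"
    if any("CLEARTEXT" in k for k in kinds):
        return "cleartext private key present"
    return "encrypted private key present"

# Constructed samples: placeholder bodies, hypothetical <config> wrapper.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CONFIG_DUMP = (
    "<config>\n" + CERT_ONLY +
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n</config>\n"
)

if __name__ == "__main__":
    for name, sample in (("PEM export", CERT_ONLY), ("config dump", CONFIG_DUMP)):
        print(name, "->", key_status(sample), inventory_pem(sample))
```

A configuration file downloaded with password masking turned off carries the signing key for the HTTPS proxy CA, so it should be stored and transferred with the same care as the key itself.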
