The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
The article covers a scenario in which a certificate has been already renewed via the CA web portal by clicking on the renew button. The procedure to generate a new CSR (Certificate Signing Request) is not included in this document.
Ensure that you have access to the same Windows server which generated the original CSR. In the case when access to the particular Windows server is not available, a new certificate generation has to be followed, as per the configuration guide.
Procedure to upload the renewed certificate on TMS
Import the certificate
In order to import the renewed certificate on the same Windows server where the original CSR has been generated, perform the following steps.
Step 1. Navigate to Start > Run > mmc. Click on File > Add Snap-in > Local Computer (the current user can be used).
Step 2. Click on Action > Import and select the renewed certificate. Select Certificate Store: Personal (chose different if required).
Step 3. Once the certificate is imported, right click on it and open the certificate.
If the certificate has been renewed based on the private key of the same server, the certificate should display: "You have a private key that corresponds to this certificate" as in the example below:
Export the certificate and upload it on TMS
In order to export the renewed certificate along with its private key, perform the following steps.
Step 1. Using the Windows Certificate Manager Snap-in, export the existing private key (certificate pair) as a PKCS#12 file:
Step 2. Using the Windows Certificate Manager Snap-in, export the existing certificate as a Base64 PEM encoded .CER file. Ensure that the file extension is either .cer or .crt and provide this file to the WebEx Cloud Services team.
Step 3. Log into Cisco TMS, and navigate to Administrative Tools > Configuration > WebEx Settings. At the WebEx Sites pane, verify all of the settings including SSO.
Step 4. Click on Browse and upload the PKS #12 private key certificate (.pfx) which you generated at Generating a Certificate for WebEx. Complete the rest of the SSO configuration fields using the password and other information which you selected when generating the certificate. Click Save.
In the case when the private key is available exclusively, you can combine the signed certificate in .pem format with the private key using the following OpenSSL command: