Issuing Certificate for Cisco Expressway

In order to work in MRA scenarios Cisco Expressway-E servers need to have certificates signed by some Public Certificate Authority. Here is a cheatsheet on how to issue such a certificate for two Expressway-E servers working in HA pair.

First of all: Wildcard certificates are not supported and certificates signed by private CA aren’t supported either. You will need an SSL certificate with a set of Subject Alternative Names.

One certificate is sufficient for two Expressway-E servers working in HA pair. The parameters I typically use are the following:

CN =

SAN =,,,

Where is an URL that will be used to connect to Expressway-E cluster from the outside world; is Expressway-E server 1 outside DNS Record is Expressway-E server 2 outside DNS Record

Then the same certificate can be loaded on both Expressway-E servers.