Cisco Expressway and Expressway Edge devices need to have their trusted certificate list updated.
What certificates do I need for a TLS connection to Cisco Webex Video Platform meetings?
What is the Certificate Provider Update for Cisco Webex Video Platform?
How are the trusted certificates updated for Cisco Expressway and Expressway Edge devices?
How do I update the root certificate for Cisco Webex Video Platform meetings?
Calls to Webex from Cisco Expressway and Expressway Edge devices are failing due to an invalid root certificate.
Solution:
Cisco Expressway and Expressway Edge devices need to have their trusted certificate list updated.
To fix the problem:
Add the following Certificate to your Trusted Root CA Store on your Cisco Expressway-E or Expressway edge devices whether or not you are using Certificate Revocation.
All users of Cisco Webex Video Platform, please update your trusted CA list on your Cisco Expressway-E /Expressway edge traversal devices for connections to Webex, otherwise calls from the TelePresence side may fail to join.
To download the new certificate:
Managing the trusted CA certificate list
The Trusted CA certificate page (Maintenance > Security certificates > Trusted CA certificate) allows you to manage the list of certificates for the Certificate Authorities (CAs) trusted by this Cisco Expressway. When a TLS connection to Cisco Expressway mandates certificate verification, the certificate presented to the Cisco Expressway must be signed by a trusted CA in this list and there must be a full chain of trust (intermediate CAs) to the root CA.
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click Append CA certificate. This will append any new certificates to the existing list of CA certificates. If you are replacing existing certificates for a particular issuer and subject, you have to manually delete the previous certificates.
For further information please refer to the following, which cover all of these topics in greater detail: