Number of SSL Certs required for Expressway E/C and Jabber

Brian Carlson · ‎06-16-2015

Hello,

We are implementing Expressway Core and Edge servers to allow users to login to Jabber from outside the organization, and don't want users seeing SSL warnings. I'm trying to determine the number of SSL certs required for this project. We are planning to order a SAN cert.

Here is our environment;

1x CUCM Publisher 10.5

1x CUCM Subscriber 10.5

1x Unity Connection 9.1

1x IM & Presence 10.5

1x Expressway Core

1x Expressway Edge

The documentation for Expressway mentions that on the IM & Presence server, I need to generate a CSR on both the tomcat and cup-xmpp. All others require a CSR generated only on tomcat.

Does this mean I need to order a SAN cert containing 7 hostnames even though we only have 6 servers? Is an SSL cert required for all of the above products to allow Jabber users to connect without any SSL warnings?

Carlo Poggiarelli · ‎06-17-2015

Hi Brian.

If users devices recognize your internal CA you can trust all server certificates with it .

Anyway cisco recommends to trust all tomcat certificates on UC servers and Server certificates on both Expressway E and C with a public CA.

Personally I deployed collaboration edge to one of my customers trusting only Exp E server certificate with a Public CA and all other certificates with internal CA.

Keep in mind that Exp E certificate MUST be signed with a public CA if you want to deploy Endpoints such as DX series or 88XX series to remote users to let them to join your UC services through MRA.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"