08-24-2015 07:04 AM - edited 03-17-2019 05:27 PM
Hi,
I'm considering the Public Certification on all Cisco Collaboration servers.
Actually, I have to use the MRA on Jabber and MRA on CP-78XX CP-88XX DX series phones, so I have to consider the sign the public certs on Expressway.
I searched some forum said we only need to sign the Expressway-Edge is enough. Expressway-Core also is no need to sign the Public certs for RMA features? Then I purchase the 1 x Standard UCC SSL with 3 x names [FQDN on Expressway-Edge; FQDN on Expressway-Core; VoiceDomain+PresenceDomain = abc.com] of SANs on Godaddy is fine?
Otherwise, I have to sign the 1 x UCC SSL Public cert on CWMS with 3 x names of SANs [meeting.abc.com; FQDN on CWMS; FQDN on IRP]. If not sign that, the iPad & iPhone cannot join into the Webex meeting.
Am I correct as the above statements?
08-24-2015 06:59 PM
The only thing that requires a publicly signed cert, is ANYTHING that will be configured to use TLS towards the internet; so CWMS proxy and VCS-expressway. require publicly signed certs, all else can use internal CA signed certs.
09-04-2015 02:19 PM
ExpC doesnt need public CA. internal CA works fine.
EXP-E requires public CA.
(FQDN Exp-E, PResence domain, Chat nodes,Voice domain etc)
i assume your domain is abc.com (same internal + External, Voice + SIP Domain)
1. FQDN EXP-E (expe.abc.com)
2. SIP/DNS/XMPP Domain (abc.com)
3. chat alias name (chat.abc.com) - optional
so your SAN Will be
expe.abc.com
abc.com
chat.abc.com
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide