ExpC doesnt need public CA.

Chi Fai Leung · ‎08-24-2015

Hi,

I'm considering the Public Certification on all Cisco Collaboration servers.
Actually, I have to use the MRA on Jabber and MRA on CP-78XX CP-88XX DX series phones, so I have to consider the sign the public certs on Expressway.
I searched some forum said we only need to sign the Expressway-Edge is enough. Expressway-Core also is no need to sign the Public certs for RMA features? Then I purchase the 1 x Standard UCC SSL with 3 x names [FQDN on Expressway-Edge; FQDN on Expressway-Core; VoiceDomain+PresenceDomain = abc.com] of SANs on Godaddy is fine?

Otherwise, I have to sign the 1 x UCC SSL Public cert on CWMS with 3 x names of SANs [meeting.abc.com; FQDN on CWMS; FQDN on IRP]. If not sign that, the iPad & iPhone cannot join into the Webex meeting.

Am I correct as the above statements?

Dennis Mink · ‎08-24-2015

The only thing that requires a publicly signed cert, is ANYTHING that will be configured to use TLS towards the internet; so CWMS proxy and VCS-expressway. require publicly signed certs, all else can use internal CA signed certs.

Please remember to rate useful posts, by clicking on the stars below.

Ammar Saood · ‎09-04-2015

ExpC doesnt need public CA. internal CA works fine.

EXP-E requires public CA.

(FQDN Exp-E, PResence domain, Chat nodes,Voice domain etc)

i assume your domain is abc.com (same internal + External, Voice + SIP Domain)

1. FQDN EXP-E (expe.abc.com)

2. SIP/DNS/XMPP Domain (abc.com)

3. chat alias name (chat.abc.com) - optional

so your SAN Will be

expe.abc.com

abc.com

chat.abc.com

HTH

Public Certification on Cisco Collaboration System