I finished an interesting document with the following requirements:
The CallBridge and WebBridge services are running in the same node.
- The CallBridge service should use the CA-1 Server to sign the CallBridge certificate called CALLBRIDGE.cer.
- The WebBridge service should use the CA-2 Server to sign the WebBridge certificate called WEBBRIDGE.cer.
- The CallBridge must use the subordinate CA generated from CA-1 Server.
- The WebBridge must use the subordinate CA generated from CA-2 Server.
- Create a Bundle CA Called CB-Bundle.cer for CallBridge service using the Subordinate CA and Root certificate of CA-1 server.
- Create a Bundle CA called WB-C2W-Bundle.cer for WebBridge service using the Subordinate CA and Root certificate of CA-2 server.
- Create a certificate chain called WEBBRIDGE-CHAIN.cer for WebBridge3 using the previous subordinate CA, the Root certificate of CA-2 server and the WebBridge certificae.
- Make sure that the CallBridge service will trust only the WebBridge certificate chain signed by only the certificate WB-C2W-Bundle.cer.
- Make sure that the WebBridge service will trust only the CallBridge's certificate signed by onlt the certificate CB-Bundle.cer.
![topo1.PNG topo1.PNG](https://community.cisco.com/t5/image/serverpage/image-id/153491iC104BE0194C8E168/image-size/large?v=v2&px=999)