Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10938
Views
0
Helpful
4
Replies

Cisco 8845 over MRA

aniket0422
Level 1
Level 1

‎04-12-2017 12:08 PM - edited ‎03-18-2019 12:13 PM

Hi All,
We have working MRA setup. Jabber over MRA works fine.
We want to register Cisco 8845 IP phone over the Internet using this MRA setup.
Can someone please help to understand additional setup required for same.

Have followed this document : https://ciscocollab.wordpress.com/2015/05/26/collab-edge-mra-for-78008800dx-series-endpoints/ 
But getting error message "Server Certificate Validation Failed. Contact your administrator"

I have used attached Public Root Certificate on my VCS-E.

2 people had this problem
Labels:
geo-trust-primary-ca.zip
0 Helpful
4 Replies 4

Manish Gogna
Cisco Employee
Cisco Employee

‎04-12-2017 11:38 PM

Hi Aniket,

Cisco recommends Expressway version X8.7 (or later) for use with Cisco 78xx/88xx Series IP Phones. For MRA with these phones, please be aware of the following:

If the phone security profile for any of your phones have TFTP Encrypted Config checked, you cannot use the phone with Mobile and Remote Access. This limitation is because the MRA solution does not support devices interacting with CAPF (Certificate Authority Proxy Function).

For a phone to authenticate an Expressway certificate and establish a TLS session, the Expressway certificate must be signed by a public Certificate Authority that is trusted by the phone firmware. It is not possible to install or trust other CA certificates on phones for authenticating an Expressway certificate.

The list of CA certificates embedded in the phone firmware is available at http:/​/​www.cisco.com/​c/​en/​us/​support/​collaboration-endpoints/​unified-ip-phone-8800-series/​products-technical-reference-list.html.

Mobile and Remote Access Through Expressway works with Cisco Expressway so you should be familiar with the Cisco Expressway documentation, including the Cisco Expressway Administrator Guide and the Cisco Expressway Basic Configuration Deployment Guide.

Only the IPv4 protocol is supported for Mobile and Remote Access Through Expressway users.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8800-series/english/adminguide/P881_BK_C136782F_00_cisco-ip-phone-8800_series/P881_BK_C136782F_00_cisco-ip-phone-8811-8841_chapter_01011.html

HTH

Manish

0 Helpful

arashad
Level 1
Level 1
In response to Manish Gogna

‎09-20-2018 02:48 AM

Hi Aniket,

 

 

I put public CA root on expressway E and signed the Exp E certificate from public CA , IS it needed to make the same steps on EXP C ?

Kindly be noted that  i trust and signed the EXP C certificate from internal  CA and put Internal CA root to expressway E also

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to arashad

‎09-20-2018 06:53 AM

No, the only server that needs a public CA is EXP-E, and if you're using it for phones, from the list of CAs that the phones trust.

HTH

java

if this helps, please rate
0 Helpful

arashad
Level 1
Level 1
In response to Jaime Valencia

‎09-20-2018 12:33 PM

Hi Jaime,

 

Thanks for your reply, as per your reply  i understood that i will put public CA on EXP E and generate CSR from it and signed it from public CA and also put internal CA root to trust EXP C and regarding to EXP C i will generate the CSR  and signed it from my internal CA and put internal CA root also.

 

 

0 Helpful
Customers Also Viewed These Support Documents