Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
15
Helpful
4
Replies

Expressway Certificates

JustForVoice_2
Level 4
Level 4

‎02-21-2016 07:11 PM - edited ‎03-18-2019 11:49 AM

Hello Everyone,

 

I have a question regarding Expressway certificates. As you know, I have to install certificates between C and E to create a traversal zone. And to disable the pop-up after login from Internet, I have to install a public signed certificate.

My question is, can I install certificates as below:

Expressway-C: ONLY a signed certificate from my own CA (inside the organization).

Expressway-E: a signed certificate from my own CA and another certificate signed by Public CA.

 

Regards,

Labels:
0 Helpful
4 Replies 4

Jaime Valencia
Cisco Employee
Cisco Employee

‎02-21-2016 07:50 PM

Yes, simply install all the root certs as necessary so they trust each other.

HTH

java

if this helps, please rate

JustForVoice_2
Level 4
Level 4
In response to Jaime Valencia

‎02-21-2016 08:18 PM

Thank you for your support,

but how Jabber/Expressway will know which certificate to use? Do I need to configure something?

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to JustForVoice_2

‎02-21-2016 09:34 PM

Have you reviewed the MRA guides???

Jabber clients must verify the identity of the VCS Expressway they are connecting to by validating its server certificate. To do this, they must have the certificate authority that was used to sign the VCS Expressway's server certificate in their list of trusted CAs.

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-7/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-7.pdf

HTH

java

if this helps, please rate

Mohamed Amine Jaafar
Level 4
Level 4
In response to JustForVoice_2

‎02-22-2016 04:19 AM

One Expressway server (Expressway -C or -E) uses a single and only one certificate when communicating with servers/clients eg Jabber.

But a server can verify the identify of multiple servers through certificates signed with different authorities.

To make a server trust the certificate of another party, you mustadd the root certificate of the CA that signed/generated that certificate to its trusted root certificate store..

Expressway communicates with his (single) certificate but can trust many.

0 Helpful
Customers Also Viewed These Support Documents