Cisco Community
English
Register
Learn how you can enter a giveaway for a FREE Cisco 730 Headset
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
399
Views
0
Helpful
3
Replies
Highlighted
Gordon Ross
Engager
Engager
‎10-09-2019 08:29 AM
‎10-09-2019 08:29 AM

SRTP, CUBE & Multi-SAN CUCM Certificate

I've read two Cisco documents on setting up a secure SIP trunk between CUBE and CUCM. Both documents talk about importing every node's Callmanager certificate into CUBE.

 

But what if you've got a multi-SAN certificate for CallManager? (I.e. One certificate for all nodes in the cluster) Do I have to import the same certificate for each node in the cluster, or is there another way to do it?

Please rate all helpful posts.
Labels:
0 Helpful
Reply
3 REPLIES 3
Highlighted
Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee
‎10-09-2019 08:57 AM
‎10-09-2019 08:57 AM

This follows the same basic rules of certificates/encryption you would follow in CUCM, there's nothing special in that regards.

Most likely the doc you looked at did that because they were using self-signed certs, and then each server acts as a standalone CA.

In my lab as I use the same CA for everything, I generated the CSR request on the ISR, had it signed, then uploaded the same root CA I use in CUCM and the signed certificate and that's it. I'm able to have TLS/SRTP between them

HTH

java

if this helps, please rate
0 Helpful
Reply
Highlighted
Gordon Ross
Engager
Engager
In response to Jaime Valencia
‎10-09-2019 09:53 AM
‎10-09-2019 09:53 AM

That's good to know. I wondered if something clever was going on and each server's SSL certificate had to be validated against it's name/IP address. So it looks more like that CUBE is just checking that the certificate is recognised and doesn't care where it comes from.
Please rate all helpful posts.
0 Helpful
Reply
Highlighted
Gordon Ross
Engager
Engager
In response to Jaime Valencia
‎10-09-2019 10:09 AM
‎10-09-2019 10:09 AM

BTW - If my CUCM certificate is signed by a CA (Commercial or othewise) do I need to upload the full certificate chain, or just the CUCM endpoint certificate?
Please rate all helpful posts.
0 Helpful
Reply
Latest Contents
🎧 Cisco Headsets: Troubleshooting and FAQ 🎧
Created by davidfit on 03-03-2021 05:48 AM
0
0
0
0
Coming soon
Global availability and Cloud Connected PSTN options for Cis...
Created by jenkang on 03-02-2021 10:06 AM
8
40
8
40
Learn: How to configure Cloud Connected PSTN with Webex Calling CCP Provider Name Product Home Page Link Webex Calling Customer Region Countries Supported by Provider Free Trial Link Contact Provider Link Alphalink Home EU FR & LU Free Trial... view more
Leveraging SBCs to Empower a Changing World of Collaboration...
Created by ciscomoderator on 02-23-2021 09:10 PM
0
5
0
5
Meet the Authors Video - Leveraging SBCs to Empower a Changing World of Collaboration (Live event – Tuesday, 16th, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Tuesday 16th, February 2020 at 10am PST ... view more
Leveraging SBCs to Empower a Changing World of Collaboration...
Created by ciscomoderator on 02-23-2021 07:09 PM
0
0
0
0
This event had place on Tuesday 16th, February at 9:30am PST Introduction The need for virtual collaboration across individuals, teams, organizations, and industries has been significantly changed with the global challenges presented in 2020. The indust... view more
**New Episode** Cisco Champion Radio: S8|E8 Future of Work w...
Created by aalesna on 02-23-2021 02:56 PM
0
0
0
0
Cisco Champion Radio · S8|E8 The Future of Work with Cognitive Collaboration Cognitive Collaboration brings together intelligence and context throughout all collaboration experiences. Bridging AI and ML capabilities with insight and the context of the me... view more
Content for Community-Ad