cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

235
Views
0
Helpful
3
Replies
Highlighted
Engager

SRTP, CUBE & Multi-SAN CUCM Certificate

I've read two Cisco documents on setting up a secure SIP trunk between CUBE and CUCM. Both documents talk about importing every node's Callmanager certificate into CUBE.

 

But what if you've got a multi-SAN certificate for CallManager? (I.e. One certificate for all nodes in the cluster) Do I have to import the same certificate for each node in the cluster, or is there another way to do it?

Please rate all helpful posts.
Everyone's tags (3)
3 REPLIES 3
Highlighted
Hall of Fame Cisco Employee

Re: SRTP, CUBE & Multi-SAN CUCM Certificate

This follows the same basic rules of certificates/encryption you would follow in CUCM, there's nothing special in that regards.

Most likely the doc you looked at did that because they were using self-signed certs, and then each server acts as a standalone CA.

In my lab as I use the same CA for everything, I generated the CSR request on the ISR, had it signed, then uploaded the same root CA I use in CUCM and the signed certificate and that's it. I'm able to have TLS/SRTP between them

HTH

java

if this helps, please rate
Highlighted
Engager

Re: SRTP, CUBE & Multi-SAN CUCM Certificate

That's good to know. I wondered if something clever was going on and each server's SSL certificate had to be validated against it's name/IP address. So it looks more like that CUBE is just checking that the certificate is recognised and doesn't care where it comes from.
Please rate all helpful posts.
Highlighted
Engager

Re: SRTP, CUBE & Multi-SAN CUCM Certificate

BTW - If my CUCM certificate is signed by a CA (Commercial or othewise) do I need to upload the full certificate chain, or just the CUCM endpoint certificate?
Please rate all helpful posts.
CreatePlease to create content
Content for Community-Ad
Future of Work Virtual Summit Day 5

Cisco COVID-19 Survey