10-09-2019 08:29 AM - edited 10-09-2019 08:30 AM
I've read two Cisco documents on setting up a secure SIP trunk between CUBE and CUCM. Both documents talk about importing every node's Callmanager certificate into CUBE.
But what if you've got a multi-SAN certificate for CallManager? (I.e. One certificate for all nodes in the cluster) Do I have to import the same certificate for each node in the cluster, or is there another way to do it?
10-09-2019 08:57 AM
This follows the same basic rules of certificates/encryption you would follow in CUCM, there's nothing special in that regards.
Most likely the doc you looked at did that because they were using self-signed certs, and then each server acts as a standalone CA.
In my lab as I use the same CA for everything, I generated the CSR request on the ISR, had it signed, then uploaded the same root CA I use in CUCM and the signed certificate and that's it. I'm able to have TLS/SRTP between them
10-09-2019 09:53 AM
10-09-2019 10:09 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide