Re: MRA with Universal Device Template - Model-independent Security Profile

Frank Mittrup · ‎12-22-2017

Hi all,

to register a DX or 78/88 phone via MRA, we need a phone security profile in the FQDN format to add this as a Subject Alternative Name to the public cert.

Is it allowed to us the "Universal Device Template - Model-independent Security Profile"for all phone models or do we need a phone security profile for each phone model?

Thanks,

Frank

Jaime Valencia · ‎12-22-2017

You only need that if you want to have security all the way and you're using a cluster in mixed mode.

HTH

java

if this helps, please rate

Frank Mittrup · ‎02-12-2018

Hi Jaime,

just configuring MRA on a secure cluster.

Currently I have a public cert at the Expressway-E but without extra FQDN's for the Phone Security Profile.

Status is that I can register a phone using the customer domain as the Phone Security Profile Name and set it to non-secure. Try to find out why it does not work in setting the Phone Security Profile to Encrypted or using a different Phone Security Profile Name (not mentioned as a Subject Alternate Name) in the non-secure mode.

Anyhow, my main question here was, can I use the Model-independent Security Profile for MRA? With this I could just device a single FQDN like phone.company.com and put this into the SAN list rather then defining FQDN's for each phone model like 8811.company.com, 8851.company.com,dx80.company.com,...?

Thanks,

Frank

Jaime Valencia · ‎02-12-2018

Yes, that should work, just notice that you lose some config options using the universal one Vs. the device specific

HTH

java

if this helps, please rate

Sebastian Leuser · ‎02-19-2018

Hello Frank,

I'm running my MRA setup including mixed mode cluster with Universal Device Profile without any issues. All my devices are using only the universal device profiles independent of internally or MRA registered endpoints