12-22-2017 01:00 AM - edited 03-13-2019 10:07 PM
Hi all,
to register a DX or 78/88 phone via MRA, we need a phone security profile in the FQDN format to add this as a Subject Alternative Name to the public cert.
Is it allowed to us the "Universal Device Template - Model-independent Security Profile"for all phone models or do we need a phone security profile for each phone model?
Thanks,
Frank
12-22-2017 07:06 AM
You only need that if you want to have security all the way and you're using a cluster in mixed mode.
02-12-2018 02:54 AM
Hi Jaime,
just configuring MRA on a secure cluster.
Currently I have a public cert at the Expressway-E but without extra FQDN's for the Phone Security Profile.
Status is that I can register a phone using the customer domain as the Phone Security Profile Name and set it to non-secure. Try to find out why it does not work in setting the Phone Security Profile to Encrypted or using a different Phone Security Profile Name (not mentioned as a Subject Alternate Name) in the non-secure mode.
Anyhow, my main question here was, can I use the Model-independent Security Profile for MRA? With this I could just device a single FQDN like phone.company.com and put this into the SAN list rather then defining FQDN's for each phone model like 8811.company.com, 8851.company.com,dx80.company.com,...?
Thanks,
Frank
02-12-2018 07:15 AM
Yes, that should work, just notice that you lose some config options using the universal one Vs. the device specific
02-19-2018 08:13 PM
Hello Frank,
I'm running my MRA setup including mixed mode cluster with Universal Device Profile without any issues. All my devices are using only the universal device profiles independent of internally or MRA registered endpoints
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide