New to Expressway C and E and need help with certificates.

johnk · ‎06-29-2015

So, I'm new to expressway C and E and need to get the certificates going but I'm not really finding something to satisfy me.

We have a pretty basic expressway setup with (right now) just IMP and CUCM that will be served through the expressway. Expressway E is on the wild public and Expressway C is on the inside network that is an old .local network.

I'm getting the idea that for for Expressway E we'll need a UCC SAN certificate (for our example) that contains the names

expresswaye.domain.com

IMP.domain.com

CUCM.domain.com

And any additional servers that we have or implement that need traversal through the expressway. If someone could confirm this for me, I'd appreciate it.

However, I'm pretty confused by the certificates on the inside - I see lots of things that say use OPEN SSL or AD certificate (which we have an AD certificate authority). Lately I've tried using more third party certificates in order not to have to install an authority certificate in addition to the end certificate. This doesn't seem to be an option due to the .local domain extension.

So I'm confused in this instance. I'm not really sure how using an AD certificate authority is better than using a self-signed certificate.

All guidance is appreciated.

Thank you.

John

Chad Patterson · ‎06-29-2015

Hey John,

It sounds like you are trying to deploy Mobile and Remote Access. Is that correct? If so i would check out this document here:

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html

It explains how to configure certificates on Expressways in a multi-domain environment. In your case you have .local on your internal systems and will have an external domain on your Expressway-E. See if this guide answers some of your questions.

johnk · ‎06-29-2015

This is a good document that I hadn't seen. Let me give it a look.

Thank you!