
Third Party CA certificate requirement for Cisco expressway C and E

Vinod Kembhavi
Level 1

Hi All,

We have implemented an MRA solution for our customer. We had asked to procure the CA certificate from a third-party CA certificate issuing vendor.

We had shared the CSR generated from the Expressway C and E applications to generate the SSL certificate. As per the Cisco document we had asked to procure the “Quick SSL premium single domain” CA certificate for the Expressway Series E and C servers, but as per the certificate issuing vendor, the application requires “Quick SSL premium multi domain”, as they observed extra SANs in the CSR generated from the Expressway C and E applications. Need help from those who are using a third-party CA certificate for an MRA solution to find out which certificate the application requires.

11 Replies

Ayodeji Okanlawon
VIP Alumni

What have you configured in your SAN? Why does your SAN have multiple domains in it?

On your CSR, you should have this..

Common name: FQDN of exprw cluster

subject alternate names: FQDN of expw cluster plus FQDN of all peers in the cluster

 

 

Please rate all useful posts

Hi Ayodeji,

Thanks for your response ...

Just FYI, We have standalone collaboration solution with expressway C and E. I have not added any extra SANs, Vendor see these in CSR generated from expressway E and C application.

for e.g

My domain is xyz.com..

FQDN of expressway E -  expe.xyz.com

SAN's - expe.xyz.com, xyz.com, confereance2XXX.xyz.com

Due to above entries in SAN vendor asking to go for multi domain certificate.

Will the single domain CA certificate work in our solution?

 

Thanks,

Vinod Kembhavi

 

 

 

 

 

Your vendor is right. When you have entries in the SAN (it doesn't even matter if it's just additional hostnames or different domain names), most vendors will request you to purchase a multi domain certificate.

In your case, you will need the multi domain cert, because it looks like you have a persistent chat server defined and without the "confereance2XXX.xyz.com" (which I assume is the persistent chat server name), you will run into issues.

Please rate all useful posts

Hi Ayodeji,

 

Thanks for your response,  We don't have any persistent chat server in solution.

We have only Expressway C and E , VCS, CUCM, IM & P, Unity connection in solution without any redundancy..

 

Ok..What is this hostname for? "confereance2XXX.xyz.com" This has been added while you generated your CSR.

If you only have a single expwe and expwc, then you can regenerate your CSR and delete any entry in the SAN. This way you will only have the FQDN of the expwe in the common name and you can use a single domain certificate

NB: if you have a cluster of expwe, then you need to have entries in the SAN as follows, and in this case you will need a multiple domain certificate

 

Common name: FQDN of expw cluster

subject alternate names: FQDN of expw cluster plus FQDN of all peers in the cluster

 

 

Please rate all useful posts

I discarded the CSR generated earlier and tried to generate a CSR with the DNS format under the Unified CM registration domains option on both Expressway C and E. Now I can see only the FQDN of Expressway-E and the domain name in the SAN entry.

Just FYI, I can see two formats, "DNS" and "SRVName", under the CM registration domains option, so which needs to be selected while generating the CSR?

 

First of all, I don't see how you cant get away with single domain certificate. I have looked into this more. This is because you need to add your domain name in the SAN as detailed below.

Secondly, I am not sure where you are going to generate the certificates from..You should generate your CSR from here..

Go to Maintenance > Security certificates > Server certificate

NB: Customer’s service discovery domain is required to be included as a DNS SAN in all Expressway-E server certificates

This is what the CSR page looks like

 

Please rate all useful posts

Hi,

Yes, I had generated the CSR from the same location, "Maintenance > Security certificates > Server certificate".

Now I can see only two DNS SAN entries in the CSR generated on EXP-E, i.e. (FQDN) expe.xyz.com and xyz.com (Main Service Domain).

And only one entry in the CSR generated on EXP-C, i.e. (FQDN) expc.xyz.com

Does this conclude that the solution requires a single domain certificate?

No, you will need a multi domain certificate as long as you have entries in your SAN (which you need for this deployment). Ensure you add the main domain name on the CSR for expw-c too.

Please rate all useful posts
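Added example, not part of the thread and not Cisco's tooling: a way to list the DNS SANs in a CSR exported from the Expressway and compare them with the names you intend to order, so a stray entry such as the conference hostname above is caught before the CSR goes to the CA. The function names are hypothetical, the sample CSRs are constructed locally with the thread's placeholder names, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Print every DNS SAN in a PEM CSR, one per line, sorted.
csr_dns_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort -u
}

# Compare the CSR's DNS SANs with the expected names.
# usage: audit_csr_sans <csr.pem> <expected-name>...
# Prints each discrepancy; returns 0 only when both lists match.
audit_csr_sans() {
    csr=$1; shift
    actual=$(csr_dns_sans "$csr")
    rc=0
    for name in $actual; do
        case " $* " in
            *" $name "*) ;;
            *) echo "unexpected SAN: $name"; rc=1 ;;
        esac
    done
    for name in "$@"; do
        printf '%s\n' "$actual" | grep -qxF "$name" ||
            { echo "missing SAN: $name"; rc=1; }
    done
    return $rc
}

# Constructed sample only: build a throwaway CSR so the audit can be tried
# without an Expressway. usage: make_sample_csr <out.csr> <CN> <SAN list>
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

# Demo using the placeholder names from the thread (xyz.com).
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir/expe.csr" expe.xyz.com \
    "DNS:expe.xyz.com,DNS:xyz.com,DNS:confereance2XXX.xyz.com"
make_sample_csr "$demo_dir/expc.csr" expc.xyz.com "DNS:expc.xyz.com"

echo "Expressway-E CSR:"
audit_csr_sans "$demo_dir/expe.csr" expe.xyz.com xyz.com || true
echo "Expressway-C CSR:"
audit_csr_sans "$demo_dir/expc.csr" expc.xyz.com xyz.com || true
rm -rf "$demo_dir"
```

Only `DNS:` entries are parsed; SANs generated in the SRVName format are not DNS names and are not listed by this check.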

Hi Ayodeji,

Thanks for your support. I had asked the CA certificate issuer vendor to provide a trial certificate for single domain which will include the FQDN and main domain for both the Expressway C and E application servers.

Will update you once we get the trial certificate for testing from the CA vendor.

Hi!

I have the same problem and I'm wondering if you could find a solution for this.