Creating a CSR using Expressway

stavropouloss
Level 1

Hello community.

I'm setting up a telepresence solution with Expways and UCM/IMP. There would be a couple of MX300 G2 and SX20 but 100-200 Jabber clients. I'm trying to set up the traversal zone between Expway Core and Edge using TLS, so I have to create the CSRs for the CA.

One of the fields in the Expway Core CSR form asks for the 'Unified CM phone security profile names'. The help says that I have to "Enter the names, in FQDN format, of all of the Phone Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring mobile and remote access. They are required to ensure that Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles."

The document 'Cisco Expressway Certificate Creation and Use Deployment Guide Cisco Expressway X8.1' in the section 'Server certificates and Unified Communications' says:

"The names, in FQDN format, of all of the Phone Security Profiles in Cisco Unified CM that are configured for encrypted TLS and are used for devices requiring remote access. This ensures that Cisco Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles. A new certificate may need to be produced if chat node aliases are added or renamed, such as when an IM and Presence node is added or renamed, or if new TLS phone security profiles are added. You must restart the Expressway-C for any new uploaded server certificate to take effect."

So what do I have to put in this field? I don't understand.

Please advise.

Thank you

1 Accepted Solution


heathrw
Level 4

Hi,

From the documentation I understand that you enter the FQDN entries of the UCM security profiles configured as per Page 11, Step 3 

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-1-1.pdf

 


stavropouloss
Level 1

heathrw's answer is correct. The information you need is already in this document. I didn't see it the first time I read the document. You can find it on page 11 under the section "Unified CM". There's also a screenshot in there with the name that the profile should have.

To anyone who is not familiar with the certificate procedure and encrypted endpoints, you should know that these names should be in the CSR you make for the expc. There's no need for them to be resolvable A records in your DNS; they are just used for the TLS negotiation between the expc and the endpoints registered to the CM environment internally.
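
An added example, not part of the thread: a check that a CSR downloaded from the Expressway-C carries every phone security profile name as a DNS subject alternative name before it goes to the CA. The hostnames, profile names and the `expc.csr` file name are constructed for illustration; the functions parse the text that `openssl req -noout -text` prints.

```shell
#!/bin/sh
# Added example. Hostnames and profile names below are constructed.

# Print the DNS subjectAltName entries found in `openssl req -noout -text`
# output read from stdin, lower-cased, one per line.
csr_dns_sans() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr 'A-Z' 'a-z' | sort -u
}

# Print each required name (arguments) that is absent from the CSR text on
# stdin. DNS names compare case-insensitively, so both sides are lower-cased.
missing_sans() {
    have=$(csr_dns_sans)
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        printf '%s\n' "$have" | grep -qxF -- "$want" || printf '%s\n' "$name"
    done
}

# Constructed excerpt of `openssl req -noout -text` output for an Expressway-C
# CSR that lists only one of the two profile names checked below.
sample_csr_text() {
    cat <<'EOF'
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C=US, O=Example, CN=expc.example.com
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:expc.example.com, DNS:secure-jabber.example.com
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

# Real use: openssl req -in expc.csr -noout -text | missing_sans <profile names>
sample_csr_text | missing_sans secure-jabber.example.com secure-mx300.example.com
```

Any name printed is missing from the CSR, which means the request has to be regenerated with that profile name added before it is signed.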