CUCM Expressway-C Trunk TLS connection

macieknowak
Level 1

Hello,

I am on a customer site. I am configuring a SIP TLS trunk between CUCM 10.5 and Expressway-C 8.6. I have a problem, because on Expressway-C I see "TLS negotiation failed".

I am using this documentation:
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-6/Cisco-Expressway-SIP-Trunk-to-Unified-CM-Deployment-Guide-CUCM-8-9-10-and-X8-6.pdf

The CUCM is in mixed mode.
I uploaded the same CA root certificate to CUCM, Expressway-C and Expressway-E.
I generated the server CSRs: tomcat CSR, CallManager CSR, Expressway-C CSR.
I used the CA root certificate to sign the server certificates.
I uploaded the server certificates to CUCM (tomcat, CallManager) and Expressway-C.

Could you check my configuration?

4 Replies

Jaime Valencia
Cisco Employee

Did you create the right SIP trunk security profile for that??

Are you using the right set of ports??

Are you using the right CN or SAN from the certs??

HTH

java

if this helps, please rate

Hello,

Thanks for the reply.

I have checked all settings twice (with http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-6/Cisco-Expressway-SIP-Trunk-to-Unified-CM-Deployment-Guide-CUCM-8-9-10-and-X8-6.pdf ).

I think I have the wrong setting in X.509 Subject Name in the SIP profile settings.

What should I write in "X.509 Subject Name"? The FQDN address of the VCS-C?

I have the address of CUCM in X.509 Subject Name now.

Yes, that's supposed to be the FQDN, or whatever you have in the CN/SAN of the certificate, of the VCS-C, not the CN from CUCM.

HTH

java

if this helps, please rate
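
The check described in the answer above, as an added example (not part of the original thread and not Cisco code): it compares the value entered in the trunk security profile's X.509 Subject Name field with the CN and DNS SAN entries of the Expressway-C certificate. The openssl output, host names and function names are constructed; the separator set and the exact-string comparison are assumptions about how the field is interpreted.

```python
import re

# Constructed sample: what
#   openssl x509 -in expc.pem -noout -subject -ext subjectAltName
# prints for a hypothetical Expressway-C certificate.
SAMPLE_OPENSSL_OUTPUT = """\
subject=C = PL, O = Example, CN = expc01.example.com
X509v3 Subject Alternative Name:
    DNS:expc01.example.com, DNS:expc-cluster.example.com
"""


def cert_names(openssl_text):
    """Return the subject CN and DNS SAN entries, in order, without duplicates."""
    names = []
    for line in openssl_text.splitlines():
        line = line.strip()
        if line.startswith("subject"):
            # Covers "CN = host" (OpenSSL 1.1+) and "/CN=host" (older releases).
            m = re.search(r"(?<![A-Za-z])CN\s*=\s*([^,/]+)", line)
            if m:
                names.append(m.group(1).strip())
        else:
            names += re.findall(r"DNS:([^,\s]+)", line)
    return list(dict.fromkeys(names))


def configured_names(field):
    """Split the X.509 Subject Name field into individual names.

    Assumption: entries are separated by space, comma, semicolon or colon.
    """
    return [n for n in re.split(r"[ ,;:]+", field.strip()) if n]


def check_subject_name(field, openssl_text):
    """Classify each configured name against the names in the certificate."""
    presented = cert_names(openssl_text)
    lowered = [p.lower() for p in presented]
    result = {}
    for name in configured_names(field):
        if name in presented:
            result[name] = "match"
        elif name.lower() in lowered:
            result[name] = "case-differs"  # assumption: treat as suspect, not as a match
        else:
            result[name] = "no-match"
    return result


if __name__ == "__main__":
    # The thread's situation: the CUCM name was entered instead of the Expressway-C name.
    print(check_subject_name("cucm-pub.example.com", SAMPLE_OPENSSL_OUTPUT))
    print(check_subject_name("expc01.example.com", SAMPLE_OPENSSL_OUTPUT))
```
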

I will check this tomorrow; I don't have a remote address for the client site.
I will check the certificate's CN/SAN on the VCS-C. I should use the Common Name from the cert, in my opinion.

Regarding certificates on CUCM and VCS in general:

1. Should I add the CA root cert to VCS-C and the same cert to CUCM as the first step?

2. Generate the CSR on VCS and the CallManager CSR on CUCM.

3. Use the CA root cert to sign the CSR files (I will then have server certificates).

4. Upload the server certificates to CUCM (as the CallManager option) and VCS.

I configured the traversal zone between VCS-C and VCS-E. The traversal zone is working OK.