How to use Let's Encrypt with Cisco Expressway E?

mm22
Level 1

After checking the available documentation and the way Let's Encrypt is used by people in general:

Is it correct to assume that Expressway E has an inbuilt client to talk to Let's Encrypt?

I'm trying to achieve this; I would say about myself "not much experienced with the certificates".

Mandeep
1 Accepted Solution

Accepted Solutions

That's expected and has nothing to do with Let's Encrypt. This is how SSL works. If you access it via a URL that is not part of the list of FQDNs in the certificate, as with the IP, you will get this warning.
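
The check described in the accepted answer, as an added example (not code from the thread or from Cisco): the client compares the name in the address bar with the certificate's SAN entries, and an IP literal can only match an iPAddress entry, never a DNS name. The SAN names are the ones quoted in the thread; `192.0.2.10` is a constructed stand-in for the internal IP, and the wildcard rule is a simplified assumption of what browsers enforce.

```python
import ipaddress

# SAN entries named in the thread, in the (kind, value) tuple form that
# Python's ssl.SSLSocket.getpeercert() returns under "subjectAltName".
THREAD_SAN = (("DNS", "expe.company.com"),
              ("DNS", "collab-edge.company.com"),
              ("DNS", "company.com"))
INTERNAL_IP = "192.0.2.10"  # constructed stand-in for the Expressway's internal IP

def _as_ip(text):
    """Return an ip_address object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification (assumption): require two fixed labels after '*'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_matches(host, san):
    """True if the name typed into the browser is covered by the SAN list."""
    ip = _as_ip(host)
    for kind, value in san:
        if ip is not None:
            # An IP literal is compared only with iPAddress entries,
            # never with DNS names, even one that looks like the address.
            if kind == "IP Address" and _as_ip(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False

def browser_view(hosts, san):
    """Map each address-bar name to the outcome the thread describes."""
    return {h: "lock" if san_matches(h, san) else "warning" for h in hosts}

if __name__ == "__main__":
    for name, result in browser_view(
            ["expe.company.com", "collab-edge.company.com", INTERNAL_IP],
            THREAD_SAN).items():
        print(f"{name:28} {result}")
```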




4 Replies

Yes, it does. The setup of this is covered quite well in the MRA deployment guide for Expressway. For more information please see this document: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide.html

I recommend that you be on the very latest version of Expressway, currently 12.5.7, as the earlier versions have some bugs related to this function.





Thanks Roger.

 

I overlooked this section. Page 26. Got it.

 

Confused with this though: "Ensure that all domains on the SAN have a valid A record (not just the FQDNs). If the record of a domain is already used by another web server, you can configure the collab-edge domain on the CSR and configure an A record for it." Correct me if I'm wrong: the above statement means, if your "company.com" domain is hosted over GoDaddy.com,

is it saying you can specify a single FQDN only, as expe.company.com, in your CSR?

 

The following may be worth creating another forum, as I'm ready to PM someone who can look at this...

(Public CA signed certs installed, public domain, premium DNS service, internal Jabber login all good) but it's not all coming up... (have all topology drawings set up, removed firewalls etc., opened all ports)

 

To give you more insight: in the lab environment I have 12.5.7 with CUCM, IMP 12.5 (secured).

Currently I have the following, but it's still failing (just so you know, in the meantime I got SSL certs from another provider), and I used Cisco CSA but it shows the SRV entries:

expe.company.com

collab-edge.company.com

company.com

 

 

Mandeep

Another observation:

If I use the internal IP, it gives me non-secured;

using the public hostname comes with the secured lock.

 

Screenshot 2020-04-27 at 3.26.49 PM.png

 

Screenshot 2020-04-27 at 3.26.01 PM.png

Mandeep
