cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
243
Views
5
Helpful
4
Replies
Highlighted
Beginner

How to use Lets Encrypt with Cisco Expressway E ?

after checking available documentation and the way Lets Encrypt used by people in general.

 

is it correct to assume that expressway E has inbuilt client to talk to Lets Encrypt ?

 

i'm trying to acheive this, would say about myself "not much experienced with the certificates"

 

 

Mandeep
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: How to use Lets Encrypt with Cisco Expressway E ?

That's expected and has nothing to do with Let's Encrypt. This is how SSL works. If you access it via a url that is not part of the list of FQDNs in the certificate, as with the IP you will get this warning.

Please rate all useful posts

View solution in original post

4 REPLIES 4
Highlighted

Re: How to use Lets Encrypt with Cisco Expressway E ?

Yes it does. The setup of this is covered quite well in the MRA deployment guide for Expressway. For more information please see this document. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide.html

Recommend you to be on the very latest version of Expressway, currently 12.5.7, as the earlier has some bugs related to this function.

Please rate all useful posts
Highlighted
Beginner

Re: How to use Lets Encrypt with Cisco Expressway E ?

Thanks Roger.

 

i overlooked this section. Page 26 Got it.

 

confused with this though "Ensure that all domains on the SAN have a valid A record (not just the FQDNs). If the record of a domain is already used by another web server, you can configure the collab-edge domain on the CSR and configure an A record for it. "    correct me if i'm wrong, above this statement means if your "company.com" domain is hosted over GoDaddy.com

is it saying, you can specify single FQDN only as expe.company.com in your CSR ??

 

Following may be worth creating another forum as i'm ready to PM someone who can look at this...

(public CA signed certs installed, public domain, premium DNS service, internal Jabber login all good) but it's not coming all up ......(have all topology drawings setup, removed firewalls etc..opened all ports)

 

to give you more insight in the lab environment i've 12.5.7 with CUCM, IMP 12.5 (secured)

currently i have following, but still it's failing (just so you know, in the meantime i got SSL certs from another provider) and i used cisco CSA but shows the SRV entries

expe.company.com

collab-edge.company.com

company.com

 

 

Mandeep
Highlighted
Beginner

Re: How to use Lets Encrypt with Cisco Expressway E ?

another observation

if i use the internal IP it gives me non-secured

using public hostname comes with secured-lock

 

Screenshot 2020-04-27 at 3.26.49 PM.png

 

Screenshot 2020-04-27 at 3.26.01 PM.png

Mandeep
Highlighted

Re: How to use Lets Encrypt with Cisco Expressway E ?

That's expected and has nothing to do with Let's Encrypt. This is how SSL works. If you access it via a url that is not part of the list of FQDNs in the certificate, as with the IP you will get this warning.

Please rate all useful posts

View solution in original post