Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
4
Helpful
2
Replies

ASA for use with CUMA

Jose Arango
Level 1
Level 1

‎09-05-2011 06:42 AM - edited ‎03-19-2019 03:32 AM

Hello Everyone!

I have this scenario.

CUCM 7.1.5

CUMA 7.1.3

ASA 8520

I have a confusion about the configuration requiered between the CUMA and the ASA. In the CUMA,  I create a Context and it generates a

Certificate Signing Request, do i need a Certificate Authority like verisign for this configuration? does it have a Cost? what would be the configuration requiered?

Thanks

Jose Luis Arango

Labels:
0 Helpful
2 Replies 2

Christos Georgiadis
Level 4
Level 4

‎09-06-2011 05:07 AM

Hi Jose,

You can have a look at this document and it will be very helpful in your case

https://supportforums.cisco.com/docs/DOC-8402?referring_site=bodynav

Basically you need certificates so that every device in the flow can be trusted. Having said that you will need the following

-- Install the CUMA self signed certificate to ASA (this way ASA will trust the info it gets from CUMA server)

-- Install the ASA self signed certicicate to CUMA (so that CUMA will trust the info it gets from the ASA)

Now the mobile phones will communicate with the external interface of the ASA. In order to trust that interface you need to get a certificate from either Verisign or Geotrust and load it in the ASA. We require a certificate from one of those authorities because these certificates come pre loaded in ALL the mobile phones.

You could theoretically use another certificate authority but then you are on your own (which means that you have to make sure that the mobile has already that certificate loaded or you need to add it yourself manually)

And yes, a certificate from those authorities does incur a cost.

Hope this helps,

Christos

Jason Newman
Cisco Employee
Cisco Employee

‎09-06-2011 06:02 AM

Jose,

Along with what Christos has indicated, I just want to make sure you are aware that this is different for blackberry and iPhone/Nokia clients.  As per the documentation all blackberries must come in through the BES server and thus the signed certificate must be present on the CUMA server itself.  But what Christos has indicated is correct for iPhones/Nokias.

Also keep in mind that TAC does not offically support installing your own pulbic certificates on the phones, you must use one of the pre-existing verisign/geotrust public certs.

Regards,

Jason

0 Helpful
Customers Also Viewed These Support Documents