Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
5
Replies

4400 ISR HA Certificate Question

rchaseling
Level 4
Level 4

‎01-29-2021 08:42 AM

Hi,

Have a pair of 4331s configurd in a HA pair and nee a public cert for Microsft Direct routing integration

 

Is there any Cisco guidance or has anyone any experience with doing this? Is it supported to create an exportable private key on one 4331 and then export it and import it in to the other, then configure both 4331 with same CN and SAN and thus can import the exact same certificate on to both?

I had tried that before with a customers internal CA with secure trunk to CUCM and when the CUBEs would fail over the CUCM would lose trust . Never got to bottom but think it was a revocation issue......

 

Or do I need to create two individial CSRs with same CN? Not sure Public CAs will issue two different certs with same CN

 

Any tips appreciated

 

Labels:
0 Helpful
5 Replies 5

rchaseling
Level 4
Level 4
In response to Nithin Eluvathingal

‎01-29-2021 08:58 AM

Thanks for the link but I have looked at that already and I do not see any guidance for certificates when they are configured in a HA pair using redunadancy groups....thus the forum post

 

....unless of course there is a section in that guide that I have missed

0 Helpful

Roger Kallberg
VIP
VIP
In response to rchaseling

‎01-30-2021 12:12 AM

Maybe you could have better luck on getting an answer on this if you post your question in the security forum.



Response Signature


0 Helpful

Ritesh Desai
Spotlight
Spotlight

‎01-30-2021 01:10 AM

Hey @rchaseling 

 

Have your tried looking at below URL's

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/direct-routing-with-cube.pdf

 

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/direct-routing-for-communications-manager-via-cube.pdf

 

I have experience of implementation and working on CUBE ISR 4431 RG Infra HA protocol but never worked on integration of MS Teams with ISR 4331 with HA.
Basically, HA identifies which SBC is ACTIVE. after the HA identifies the ACTIVE SBC, then the SIP INVITE gets exchanged.

Probably you need to check if multi-SAN certificates are supported on CUBE so that if you install on CUBE-1 of pair-1 it will replicate to CUBE-2 of pair-1. this is my understanding. please validate the understanding. Also give a try to the URL that I have shared. Hope that helps.

*** Please rate helpful post. Please mark as answer if it solves your problem/query.
regards, Ritesh Desai
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents