01-29-2021 08:42 AM
Hi,
Have a pair of 4331s configurd in a HA pair and nee a public cert for Microsft Direct routing integration
Is there any Cisco guidance or has anyone any experience with doing this? Is it supported to create an exportable private key on one 4331 and then export it and import it in to the other, then configure both 4331 with same CN and SAN and thus can import the exact same certificate on to both?
I had tried that before with a customers internal CA with secure trunk to CUCM and when the CUBEs would fail over the CUCM would lose trust . Never got to bottom but think it was a revocation issue......
Or do I need to create two individial CSRs with same CN? Not sure Public CAs will issue two different certs with same CN
Any tips appreciated
01-29-2021 08:49 AM
01-29-2021 08:58 AM
Thanks for the link but I have looked at that already and I do not see any guidance for certificates when they are configured in a HA pair using redunadancy groups....thus the forum post
....unless of course there is a section in that guide that I have missed
01-30-2021 12:12 AM
Maybe you could have better luck on getting an answer on this if you post your question in the security forum.
01-30-2021 01:10 AM
Hey @rchaseling
Have your tried looking at below URL's
I have experience of implementation and working on CUBE ISR 4431 RG Infra HA protocol but never worked on integration of MS Teams with ISR 4331 with HA.
Basically, HA identifies which SBC is ACTIVE. after the HA identifies the ACTIVE SBC, then the SIP INVITE gets exchanged.
Probably you need to check if multi-SAN certificates are supported on CUBE so that if you install on CUBE-1 of pair-1 it will replicate to CUBE-2 of pair-1. this is my understanding. please validate the understanding. Also give a try to the URL that I have shared. Hope that helps.
01-30-2021 01:14 AM
Exporting and Importing RSA Keys is explained in below document.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: