Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
493
Views
0
Helpful
2
Replies

VCS Expressway-C

Firasat.siddiqui_2
Level 1
Level 1

ā€Ž12-28-2016 06:14 PM - edited ā€Ž03-19-2019 11:58 AM

Hello,

i required Jabber Client register with IM & Presence from Internet. i have VCS Expressway-E (have CA certificate) and VCS Expressway-C (have certificate form CA Authority) but i did not purchase certificate for CUCM/IM & Presence. when i am trying to add CUCM and IM & Presence server in Expressway-C as TLS 'on' i am getting error so i found in the search that i need Cluster Security Mode '1' in CUCM enterprise parameter that currently i have '0' what else i need for this?

do i need certificate as well from CUCM? i do not want spend money for external certificate so can i generate certificate from CUCM and upload to Expressway-C. OR if i leave TLS off then what is would i loose?

please help,

i have VCS Expressway 8.7 version and CUCM/IM & Presence version 11.

Labels:
0 Helpful
2 Replies 2

Dennis Mink
VIP Alumni
VIP Alumni

ā€Ž12-28-2016 06:44 PM

if you were to be able to produce a vcse.yourdomain.com  selfsigned cert, it will not be from an internet trusted CA, unless you can manually install it on your client, I cant see why it would work.

the Certificate will need to be self signed by your VCSE though not your CUCM.

This is all theory, I have never tried it before, as externally signed certs are really the key behind SSL in the first place. you can try it.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

DenysAdams
Level 1
Level 1

ā€Ž01-10-2017 02:42 AM

Hello,


it would be more helpful if you provided the error you are receiving.
You do not need to have external certs for your CUCM and IMP, they will have either self-signed certs generated for them or internal CA certs you have installed.

TLS between is mandatory between EXPC and EXPE
5060 TCP/UDP can be used from EXPC to CUCM/IMP/UNITY (traffic between CUCM/IMP/UNITY to expressway C will not be encrypted)
you can use TLS for these as well if you want to secure your traffic between EXPE and infrastructure 

the only public cert required is for the expressway E
everything else can use selfsigned or internal CA signed, you just need to ensure that you either provide the RootCA / Intermediate CA in the Trust stores for each Application or have the individual certs in the trust stores

0 Helpful
Customers Also Viewed These Support Documents