Expressway certificate requirement

Sabid C · ‎04-03-2024

Hi Team,

The UC setup we are using for B2B calls, the call flow is below-

VC endpoint - CUCM-EXP C- EXP E- Cloud

The Expressway is not in a cluster, only a single node is there.

Now for the above, which certificates are mandatory?

Thanks in advance.

Regards,

Sabid

b.winter · ‎04-03-2024

Private CA signed certificate for Exp-C, as Exp-C is in the internal network
and Public CA signed certificate for Exp-E, as Exp-E is reachable via Internet.
But this is the general rule. Doesn't matter which functions (B2B, MRA, ...) you use via the Expressways.

Shalid Kurunnan Chalil · ‎04-03-2024

Add to the above point.

you should be uploading

on the Expressway E:

Root and intermediary certificate used to sign the Expressway C certificate (generally private/internal CA) [Maintenance>> Security>>Trusted CA certificate]
Signed certificate of expressway E [ Maintenance >> Security>> Server certificate]

on the Expressway C:

Root and intermediary of the CA which used to sign the expressway E certificate
signed Expressway C certificate (private CA signed)

I am sure you are aware, but just in case

Regards

Roger Kallberg · ‎04-03-2024

Apart from what you mentioned you also need to upload the CA certificate(s), root and any intermediate, of the CA that signed the certificate of the specific Expressway node, C or E, to the [Maintenance>> Security>>Trusted CA certificate] on each.

So this:

Root and any intermediate certificate(s) used to sign the Expressway E certificate (generally public CA) [Maintenance>> Security>>Trusted CA certificate] on E
Root and intermediate certificate(s) used to sign the Expressway C certificate (generally private/internal CA) [Maintenance>> Security>>Trusted CA certificate] on C

b.winter · ‎04-08-2024

@Sabid C Could your question be answered? If yes, I would appreciate an "accepted solution".