I'm setting up a telepresence solution with Expways and UCM/IMP. There would be a couple of MX300 G2 and SX20 but 100-200 Jabber clients. I'm trying to setup the traversal zone between Expway Core and Edge using TLS so I have to create the CSRs for the CA.
One of the fields in the Expway Core CSR form asks for the 'Unified CM phone security profile names'. The help says that I have to "Enter the names, in FQDN format, of all of the Phone Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring mobile and remote access. They are required to ensure that Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles."
The document 'Cisco Expressway Certificate Creation and Use Deployment Guide Cisco Expressway X8.1' in the section 'Server certificates and Unified Communications' says:
"The names, in FQDN format, of all of the Phone Security Profiles in Cisco Unified CM that are configured for encrypted TLS and are used for devices requiring remote access. This ensures that Cisco Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles. A new certificate may need to be produced if chat node aliases are added or renamed, such as when an IM and Presence node is added or renamed, or if new TLS phone security profiles are added. You must restart the Expressway-C for any new uploaded server certificate to take effect."
So what do I have to put in this field I don't understand.
heathrw' s answer is correct. The information you need is already in this document. I didn't see it the first time I read the document. You can find it in page 11 under the section "Unified CM". There's also a screenshot in there with the name that the profile should have.
To anyone who is not familiar with the certificate procedure and encrypted end points, you should know that these names should be in the CSR you make for the expc. There's no need to be resolvable A records in your DNS they just used for the TLS negotiation between the expc and the endpoints registered to the CM environment internally.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...
You have reached the Cisco Logistics Support Center.. To Check Status of your RMA, visit Product Returns & Replacements (RMA).
Need help? Contact us by Phone or Email.
Phone: 1800 553 2447 Option 4