Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Creating a CSR using Expressway

Hello community.

I'm setting up a telepresence solution with Expways and UCM/IMP. There would be a couple of MX300 G2 and SX20 but 100-200 Jabber clients. I'm trying to setup the traversal zone between Expway Core and Edge using TLS so I have to create the CSRs for the CA.

One of the fields in the Expway Core CSR form asks for the 'Unified CM phone security profile names'. The help says that I have to "Enter the names, in FQDN format, of all of the Phone Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring mobile and remote access. They are required to ensure that Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles."

The document 'Cisco Expressway Certificate Creation and Use Deployment Guide Cisco Expressway X8.1' in the section 'Server certificates and Unified Communications' says:

"The names, in FQDN format, of all of the Phone Security Profiles in Cisco Unified CM that are configured for encrypted TLS and are used for devices requiring remote access. This ensures that Cisco Unified CM can communicate with Expressway-C via a TLS connection when it is forwarding messages from devices that are configured with those security profiles. A new certificate may need to be produced if chat node aliases are added or renamed, such as when an IM and Presence node is added or renamed, or if new TLS phone security profiles are added. You must restart the Expressway-C for any new uploaded server certificate to take effect."

So what do I have to put in this field I don't understand.

Please advise.

Thank you

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Hi,From the documentation I

Hi,

From the documentation I understand that you enter the FQDN entries of the UCM security profiles configured as per Page 11, Step 3 

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-1-1.pdf

 

2 REPLIES
Bronze

Hi,From the documentation I

Hi,

From the documentation I understand that you enter the FQDN entries of the UCM security profiles configured as per Page 11, Step 3 

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Mobile-Remote-Access-via-VCS-Deployment-Guide-X8-1-1.pdf

 

New Member

heathrw' s answer is correct.

heathrw' s answer is correct. The information you need is already in this document. I didn't see it the first time I read the document. You can find it in page 11 under the section "Unified CM". There's also a screenshot in there with the name that the profile should have.

To anyone who is not familiar with the certificate procedure and encrypted end points, you should know that these names should be in the CSR you make for the expc. There's no need to be resolvable A records in your DNS they just used for the TLS negotiation between the expc and the endpoints registered to the CM environment internally.

1396
Views
0
Helpful
2
Replies
CreatePlease to create content