Technically, you may use any certificate. However the client (smart phone) has to trust the certificate. Since Verisign and GeoTrust was trusted by many smart phones, Cisco recommend you use those two.

If you used a CA that the smart phone doesn't trust, you'll have to configure the smart phone to trust it. This part is beyond Cisco support.

Michael

the steps outlined in the install guide state that we need to load an intermediate certificate AND the cert received from the CA. If we signed using our own CA, what is the Intermediate cert? thanks for the input.

IF you have intermediate certs, you need to upload the intermediate certs. If you don't, just ignore it.

Michael

I now have the certs loaded and the ASA configured. in CUMA for the Proxy address do I need to put the world routeable IP address for the ASA?

Thanks!

The address here will be used for SSL handshake, which means:

1) The address has to be reachable from CUMA

2) The certificate ASA presents to CUMA needs to have a Common Name (CN) that matches with this name.

Michael

hmmm, so can it be an IP address, or does it need to be a world routable fqdn? The issue is that we have 2 domains (long story, but it is necessary at this point), one domain is reachable form the outside (public), and the other is what all of our internal devices are a member of. Is there a way around this so that I can have the mobility clients just use the IP address of the proxy server?

thanks again for all the input.

Ok, I now have CUMC up and running and registered with CUCM. Presence and Voicemail integrations seem to be working. I am however stumped with DVO - Dial via Office. I have checked my CUMA and CUCM configs and can't see what I'm missing. It doesn't appear to even give me the option for DVO in the client even though I have set CUMA to force DVO.

Any Ideas? Thanks

CUMC 3.x on Blackberry does NOT support DVO. Please wait for CUMC 7.x.

Michael

That would explain it...any idea when 7.x will be released?

Should be around the corner.

Michael

Hello, I've been floowing this thread and it has been very useful, but one thing that I don't have completely clear.

We are deploying a CUMA server, but by now it will be only for testing purposes, no internet access. The phones are going to connect through the company's wireless LAN to the CUMA server.

Still it's necessary to have certificates from the ASA? Or can we work without an ASA? In this moment the problem we are facing is that the phones communicate with the CUMA but they return an error message "invalid certificate recevied from the server"

thanks in advance

You may test without ASA.

But the phone needs to have a secure connection (TLS). Thus the phone has to trust the certificate ASA presents to it.

Please refer to your phone's manual to see how to make the phone trust a certificate.

Michael

I'm not entirely sure but thought that if connected via wireless you would still need a route to the outside interface of the ASA. As for certificates, you may be able to run without one I'm not entirely as long as the security context in CUMA is correctly set.

Sorry I provide no certain direction.

Mark

Hello,

In the end it worked without an ASA, we are able to see presence and use some features, but not dial via office, we have abandoned this testing for other projects by now but just in case any other asks: yes it works without an ASA through the wireless network.

Thanks for your help