Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CUP federation and trusted Certificate CN

I am in the process of setting up CUP federation over XMPP and as I would like to enable security it looks like I should get an SSL certificate from a public CA.  The problem is I don't know what name I should get as the CN.  Cisco's docs are a little vaugue on the topic:

http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_0/english/integration_notes/Federation/XMPPCertConfig_chapter.pdf

They state "For XMPP Federation, the Subject Common Name (CN) for the certificate must contain the domain of

the Cisco Unified Presence server."

In my situation our internal AD/dns domain is like internal.domain.com, my servers (HA pair) are named dc1im01.internal.domain.com and dc2im01.internal.domain.com.

What does my CN on the certificate need to be and do I need more than one certificate since I will use both CUP servers to federate via the DNS SRV records?

I expect that I need the entry "Enable use of Email Address when Federating" found under Presence -> Settings.

I also took note of "You can configure a wildcard domain here, for example, ‘*.example.net’ if you deploy the Chat feature

on Cisco Unified Presence, and the chat component is a subdomain of the parent domain."  However for cost purposes I would preffer not to have to get a wildcard certificate as they get a little pricey, but if that is what I need for my environment; it is what it is.

I am running CUP 8.6.4.

Everyone's tags (3)
583
Views
0
Helpful
0
Replies
CreatePlease to create content