Cisco Expressway
Connecting Expressway to Unified CM Using TLS
These instructions explain how to take a system that is already configured and working using a TCP interconnection
between Expressway and Unified CM, and to convert that trunk to use TLS instead. This table summarizes the
process:
Command or Action
Table 2 Overview of Tasks to Create SIP TLS Trunk Between Expressway and Unified CM
Ensure Certificate Trust Between Unified CM and Expressway
For Unified CM and Expressway to establish a TLS connection with each other:
■ Expressway and Unified CM must both have valid server certificates loaded (you must replace the Expressway's default server certificate with a valid server certificate)
■ Expressway must trust Unified CM’s server certificate (the root CA of the Unified CM server certificate must be loaded onto Expressway)
■ Unified CM must trust Expressway’s server certificate (the root CA of the Expressway server certificate must be loaded onto Unified CM)
for full details about loading certificates and how to
generate CSRs on Expressway to acquire certificates from a Certificate Authority (CA).
Note: In a clustered environment, you must install CA and server certificates on each peer/node individually.
We strongly recommend that you do not use self-signed certificates in a production environment.
Load Server and Trust Certificates on Expressway
Expressway Server Certificate
Expressway has only one server certificate. By default, this is a certificate signed by a temporary certificate authority.
We recommend that it is replaced by a certificate generated by a trusted certificate authority.
To upload a server certificate:
1. Go to Maintenance > Security certificates > Server certificate.
2. Use the Browse button in the Upload new certificate section to select and upload the server certificate PEM file.
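Before uploading, the PEM file can be checked on a workstation against the requirements above: a valid, CA-issued server certificate whose root CA the peer will be given. This script is an added example, not part of the Cisco guide or Cisco tooling; it assumes the `openssl` command-line tool is installed, and the function names and file arguments are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not Cisco tooling). Requires the openssl command-line tool.
# Function names and file arguments are illustrative.

# True when subject and issuer are identical, i.e. no separate CA issued the
# certificate (self-signed certificates have this shape).
is_self_issued() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ "$subj" = "$iss" ]
}

# True when the certificate in $1 verifies against the CA file in $2.
# Matching the "OK" line avoids trusting the exit status, which some older
# OpenSSL releases left at 0 after a failed verification.
chains_to_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# preflight SERVER_PEM ROOT_CA_PEM
# Returns 0 = ready to upload, 1 = unreadable, 2 = self-issued,
# 3 = expired, 4 = does not chain to the root CA the peer will be given.
preflight() {
    local cert ca
    cert=$1; ca=$2
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a readable PEM certificate" >&2; return 1
    fi
    if is_self_issued "$cert"; then
        echo "FAIL: $cert is self-issued; obtain one from a CA" >&2; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2; return 3
    fi
    if ! chains_to_ca "$cert" "$ca"; then
        echo "FAIL: $cert does not verify against $ca" >&2; return 4
    fi
    echo "OK: $cert is CA-issued, in date, and chains to $ca"
}

# Usage: bash preflight.sh server.pem rootca.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it once in each direction: Expressway's server certificate against the root CA to be loaded onto Unified CM, and Unified CM's server certificate against the root CA to be loaded onto Expressway.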
Cisco Expressway SIP Trunk to Unified CM Deployment Guide