Cisco Cisco Expressway 维护手册
n
Unified CM registrations domains: all of the domains which are configured on the Expressway-C for
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
collab-edge.
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
collab-edge.
to the domain that you enter. This format is recommended if you do not want to include
your top level domain as a SAN (see example in following screenshot).
n
XMPP federation domains: the domains used for point-to-point XMPP federation. These are configured
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA,
and may be discontinued in future versions of the Expressway software.
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA,
and may be discontinued in future versions of the Expressway software.
n
IM and Presence chat node aliases (federated group chat): the same set of Chat Node Aliases as
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA,
and may be discontinued in future versions of the Expressway software.
Note that you can copy the list of chat node aliases from the equivalent
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if
you need multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA,
and may be discontinued in future versions of the Expressway software.
Note that you can copy the list of chat node aliases from the equivalent
Generate CSR
page on the
Expressway-C.
Figure 11: Entering subject alternative names for Unified CM registration domains, XMPP federation
domains, and chat node aliases, on the Expressway-E's CSR generator
domains, and chat node aliases, on the Expressway-E's CSR generator
Managing certificate revocation lists (CRLs)
Certificate revocation list (CRL) files are used by the Expressway to validate certificates presented by client
browsers and external systems that communicate with the Expressway over TLS/HTTPS. A CRL identifies
those certificates that have been revoked and can no longer be used to communicate with the Expressway.
browsers and external systems that communicate with the Expressway over TLS/HTTPS. A CRL identifies
those certificates that have been revoked and can no longer be used to communicate with the Expressway.
We recommend that you upload CRL data for the CAs that sign TLS/HTTPS client and server certificates.
When enabled, CRL checking is applied for every CA in the chain of trust.
When enabled, CRL checking is applied for every CA in the chain of trust.
Certificate revocation sources
The Expressway can obtain certificate revocation information from multiple sources:
Cisco Expressway Administrator Guide (X8.5.2)
Page 227 of 403
Maintenance
About security certificates