Cisco Cisco Expressway
Appendix 2: Additional information
Certificates for TLS
For the Expressway to connect to the LDAP server over TLS, it must have a root CA certificate loaded that
authorizes the LDAP server’s server certificate.
authorizes the LDAP server’s server certificate.
In large organizations the IT department will be able to provide relevant certificate information. Details on how
to process the supplied certificate, and how to create the root CA certificate using an OCS server are
described in
to process the supplied certificate, and how to create the root CA certificate using an OCS server are
described in
.
If a root CA certificate is already loaded that is required for other purposes, this new root CA certificate
should be concatenated with the other root CA certificate (Trusted CA certificate) and the single file
containing the two certificates uploaded to Expressway.
should be concatenated with the other root CA certificate (Trusted CA certificate) and the single file
containing the two certificates uploaded to Expressway.
Note that the server address entered on the
LDAP configuration
page on the Expressway must match the
CN (common name) contained within the certificate presented by the LDAP server.
Use with Expressway clusters
All LDAP configuration is replicated across cluster peers, however the DNS server is configurable
independently on each Expressway peer. Make sure each peer references a DNS server that can lookup the
LDAP server and (if SASL is enabled) can perform a reverse lookup of the LDAP server IP address.
independently on each Expressway peer. Make sure each peer references a DNS server that can lookup the
LDAP server and (if SASL is enabled) can perform a reverse lookup of the LDAP server IP address.
Cisco Expressway Authenticating Accounts Using LDAP Deployment Guide (X8.2)
Page 11 of 19
Appendix 2: Additional information