Cisco Cisco Expressway
HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
client certificates.
The Expressway can generate server certificate signing requests (CSRs). This removes the need to use an external
mechanism to generate certificate requests.
mechanism to generate certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the Expressway default certificate
with a certificate generated by a trusted certificate authority.
with a certificate generated by a trusted certificate authority.
Note that in connections:
■
to an endpoint, the Expressway acts as the TLS server
■
to an LDAP server, the Expressway is a client
■
between two Expressway systems, either Expressway may be the client with the other Expressway being the
TLS server
TLS server
■
via HTTPS, the web browser is the client and the Expressway is the server
TLS can be difficult to configure. For example, when using it with an LDAP server we recommend that you confirm
the system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
the system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
Note:
Be careful not to allow your CA certificates or CRLs to expire. This may cause certificates signed by those CAs
to be rejected.
To load the trusted CA list, go to Maintenance > Security certificates > Trusted CA certificate.
To generate a CSR and/or upload the Expressway's server certificate, go to Maintenance > Security certificates >
Server certificate.
Server certificate.
Additional server certificate requirements apply when configuring your Expressway system for Unified
Communications. For full information, see Expressway Certificate Creation and Use Deployment Guide on the
Communications. For full information, see Expressway Certificate Creation and Use Deployment Guide on the
.
Task 6: Configuring NTP Servers
The NTP server address fields set the IP addresses or Fully Qualified Domain Names (FQDNs) of the NTP servers to
be used to synchronize system time. The Time zone sets the local time zone of the Expressway.
be used to synchronize system time. The Time zone sets the local time zone of the Expressway.
To configure the NTP server address and time zone:
1.
Go to System > Time.
2.
Configure the fields as follows, on both Expressway-C and Expressway-E:
Expressway-C
Expressway-E
NTP server 1
Enter
pool.ntp.org
Enter
pool.ntp.org
Time zone
GMT in this example
GMT in this example
3.
Click Save.
21
Cisco Expressway-E and Expressway-C - Basic Configuration Deployment Guide
Expressway System Configuration