You must repeat this procedure every time you federate with a new enterprise whose CA you do not already
trust. Likewise, you should follow this procedure if the new enterprise uses self-signed certificates, where the
self-signed certificates are uploaded instead of the root CA certificate.

Local Domain Validation for XMPP Federation

All local domains must be included in the generated cup-xmpp-s2s certificate. Before you generate the cup-
xmpp-s2s certificate, validate that all local domains are configured and appear in the Domains window.
Manually add any domains that are planned for, but that don't yet appear in the list of local domains. For
example, a domain that does not currently have any users assigned normally does not appear in the list of
domains.

Cisco Unified CM IM and Presence Administration

user interface, choose

Presence >

Domains.

After you have validated that all domains are created in the system, you can proceed to create the cup-xmpp-
s2s certificate once using either a self-signed certificate or a CA-signed certificate for XMPP federation. If
email address for federation is enabled, all email domains must also be included in the certificate.

If you add, update, or delete any local domains and regenerate the cup-xmpp-s2s certificate, you must restart
the Cisco XCP XMPP Federation Connection Manager service. To restart this service, log in to the

Cisco

Unified IM and Presence Serviceability

user interface and choose

Tools > Control Center - Feature

Services

Multi-Server Certificate Overview

IM and Presence Service supports multi-server SAN based certificates for the certificate purposes of
tomcat, cup-xmpp and cup-xmpp-s2s. You can select between a single-server or multi-server distribution to

Cisco Unified Communications XMPP Federation Deployment Guide (1.4)

Page 42 of 59

XMPP Federation through IM and Presence Service