Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
■
Unified CM phone security profile names: the names of the Phone Security Profiles in Unified CM that are
configured for encrypted TLS and are used for devices requiring remote access. Use the FQDN format and
separate multiple entries with commas.
configured for encrypted TLS and are used for devices requiring remote access. Use the FQDN format and
separate multiple entries with commas.
Having the secure phone profiles as alternative names means that Unified CM can communicate via TLS with
the VCS Control when it is forwarding messages from devices that use those profiles.
the VCS Control when it is forwarding messages from devices that use those profiles.
■
IM and Presence chat node aliases (federated group chat): the Chat Node Aliases (e.g.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
The VCS Control automatically includes the chat node aliases in the CSR, providing it has discovered a set of
IM&P servers.
IM&P servers.
We recommend that you use DNS format for the chat node aliases when generating the CSR. You must
include the same chat node aliases in the VCS Expressway server certificate's alternative names.
include the same chat node aliases in the VCS Expressway server certificate's alternative names.
Figure 11 Entering subject alternative names for security profiles and chat node aliases on the VCS
Control's CSR generator
Control's CSR generator
VCS Expressway server certificate requirements
The VCS Expressway server certificate needs to include the following elements in its list of subject alternate names:
■
Unified CM registrations domains: all of the domains which are configured on the VCS Control for Unified
CM registrations. They are required for secure communications between endpoint devices and VCS
Expressway.
CM registrations. They are required for secure communications between endpoint devices and VCS
Expressway.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
collab-edge.
to the domain that you enter. This format is recommended if you do not want to include your top level domain
as a SAN (see example in following screenshot).
as a SAN (see example in following screenshot).
■
XMPP federation domains: the domains used for point-to-point XMPP federation. These are configured on
the IM&P servers and should also be configured on the VCS Control as domains for XMPP federation.
the IM&P servers and should also be configured on the VCS Control as domains for XMPP federation.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the VCS software.
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the VCS software.
■
IM and Presence chat node aliases (federated group chat): the same set of Chat Node Aliases as entered
on the VCS Control's certificate. They are only required for voice and presence deployments which will
support group chat over TLS with federated contacts.
on the VCS Control's certificate. They are only required for voice and presence deployments which will
support group chat over TLS with federated contacts.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the VCS software.
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the VCS software.
Note that you can copy the list of chat node aliases from the equivalent Generate CSR page on the VCS
Control.
Control.
285
Cisco TelePresence Video Communication Server Administrator Guide