Cisco Cisco TelePresence Management Suite (TMS) Version 15
Introduction
There are three parts to the configuration:
- Generating a certificate signing request (CSR)
- Installing the SSL Server Certificate on the Cisco VCS Expressway
- Installing and stacking the Trusted CA List on the Cisco VCS Expressway
Cisco VCS Expressway X7.2.3, Cisco Expressway-E or Cisco VCS Expressway X8.1 or later are
supported. Only version X8.1 or later is supported with a Unified CM-centric deployment.
There are important differences in how each is configured, which are noted in the procedures that follow.
NOTE: Customers using Static NAT on VCS Expressway X7.2.3 are strongly advised not to upgrade to
X8.1 or X8.2. If you are using Static NAT with Expressway-E or VCS Expressway X8.1 or X8.2, refer to the
recommended workarounds in the following section.
Cisco Expressway-E and VCS Expressway X8.1 and X8.2 Encryption Issue and Workarounds
There is an issue with the Encrypt on Behalf feature in Expressway-E X8.1 or X8.2 and VCS Expressway
X8.1 or X8.2 when using Static NAT. Because X8.1 and X8.2 use the Ethernet 2 IP address for the media
part in SDP, the media part of calls will fail (Caveat ID: CSCum90139). Customers using Static NAT on
their VCS Expressways running X7.2.3 are urged not to upgrade to X8.1 or X8.2 until a maintenance release
fixes this issue.
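A diagnostic for the symptom described above, as an added example that is not part of the Cisco guide: it parses an SDP body and lists the media sections whose connection (c=) address differs from the address you expect to be advertised. The sample SDP, both IP addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample SDP (not a real capture): 203.0.113.10 stands in for the
# static NAT address, 10.0.20.5 for a different interface address.
SAMPLE_SDP = """\
v=0
o=- 1 2 IN IP4 203.0.113.10
s=-
c=IN IP4 203.0.113.10
t=0 0
m=audio 36000 RTP/SAVP 0 8
c=IN IP4 10.0.20.5
m=video 36002 RTP/SAVP 97
a=rtpmap:97 H264/90000
"""

def media_addresses(sdp):
    """Return (media, port, effective c= address) for each m= section."""
    session_addr, sections = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 2:
                sections.append([fields[0], int(fields[1].split("/")[0]), None])
        elif line.startswith("c="):
            parts = line[2:].split()   # <nettype> <addrtype> <address>[/ttl]
            if len(parts) != 3:
                continue
            addr = parts[2].split("/")[0]
            if sections:
                sections[-1][2] = addr   # media-level c= overrides session-level
            else:
                session_addr = addr
    return [(m, p, a or session_addr) for m, p, a in sections]

def mismatched_media(sdp, expected_addr):
    """List m= sections whose media address is not the expected one."""
    expected = ipaddress.ip_address(expected_addr)
    bad = []
    for media, port, addr in media_addresses(sdp):
        try:
            ok = addr is not None and ipaddress.ip_address(addr) == expected
        except ValueError:   # FQDN or malformed address in c=
            ok = False
        if not ok:
            bad.append((media, port, addr))
    return bad
```

Run `mismatched_media()` over the SDP of a failing call with the address the far end should be sending media to; any entry returned is a media stream advertised on a different address.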
If you are using Static NAT on Expressway-E or VCS Expressway X8.1 or X8.2, Cisco recommends one of
the following workarounds:
- Downgrade VCS Expressway to X7.2.3.
- Reconfigure Expressway-E or VCS Expressway X8.1 or X8.2 to not use Static NAT.
- Use Expressway-C or VCS Control to Encrypt on Behalf instead of VCS Expressway.
To use Expressway-C or VCS Control to encrypt on behalf, do the following:
1. On MCU, turn Encryption OFF for all conferences.
2. On Expressway-C or VCS Control, change the dedicated WebEx Traversal zone to Force Encrypted.
3. On Expressway-E or VCS Expressway, change the dedicated WebEx DNS zone to Encryption Auto.
Cisco Collaboration Meeting Rooms (CMR) Hybrid Configuration Guide (TMS 14.4 - WebEx WBS29)
Configuring Certificates on Cisco Expressway-E and Cisco VCS Expressway