Cisco Systems and the ASA Services Module Manual De Usuario
15-16
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 15 Using the Cisco Unified Communication Wizard
Configuring the UC-IME by using the Unified Communication Wizard
For the TLS handshake, the two entities, namely the local entity and a remote entity, could validate the
peer certificate via a certificate chain to trusted third-party certificate authorities. The local entity and
the remote entity enroll with the CAs. The ASA as the TLS proxy must be trusted by both the local and
remote entities. The security appliance is always associated with one of the enterprises. Within that
enterprise, the entity and the security appliance authenticate each other by using a self-signed certificate.
peer certificate via a certificate chain to trusted third-party certificate authorities. The local entity and
the remote entity enroll with the CAs. The ASA as the TLS proxy must be trusted by both the local and
remote entities. The security appliance is always associated with one of the enterprises. Within that
enterprise, the entity and the security appliance authenticate each other by using a self-signed certificate.
To establish a trusted relationship between the security appliance and the remote entity, the security
appliance can enroll with the CA on behalf of the Cisco Unified Presence server for the local entity. In
the enrollment request, the local entity identity (domain name) is used.
appliance can enroll with the CA on behalf of the Cisco Unified Presence server for the local entity. In
the enrollment request, the local entity identity (domain name) is used.
To establish the trust relationship, the security appliance enrolls with the third party CA by using the
Cisco Unified Presence server FQDN as if the security appliance is the Cisco Unified Presence server.
Cisco Unified Presence server FQDN as if the security appliance is the Cisco Unified Presence server.
Note
If the ASA already has a signed identity certificate, you can skip
in this procedure and proceed
directly to
Step 1
In the ASA’s Identity Certificate area, click Generate CSR. The CSR parameters dialog box appears.
For information about specifying additional parameters for the certificate signing request (CSR), see
Information dialog boxes appear indicating that the wizard is delivering the settings to the ASA and
retrieving the certificate key pair information. The Identity Certificate Request dialog box appears.
retrieving the certificate key pair information. The Identity Certificate Request dialog box appears.
For information about saving the CSR that was generated and submitting it to a CA, see
Step 2
Click Install ASA’s Identity Certificate. See
.
Step 3
Click Remote Server’s CA’s Certificate. The Install Certificate dialog box appears. Install the
certificate. See
certificate. See
.
Note
You must install a root CA certificate for each remote entity that communicates with the ASA
because different organizations might be using different CAs.
because different organizations might be using different CAs.
Step 4
Click Next.
The wizard completes by displaying a summary of the configuration created for the Presence Federation
proxy.
proxy.
Configuring the UC-IME by using the Unified Communication
Wizard
Wizard
Note
The Unified Communication Wizard is supported for the ASA version 8.3(1) and later.