Cisco Cisco Expressway
Figure 3: Entering subject alternative names for security profiles and chat node aliases on the Expressway-
C's CSR generator
C's CSR generator
Expressway-E server certificate requirements
The Expressway-E server certificate needs to include the following elements in its list of subject alternate
names:
names:
n
Unified CM registrations domains: all of the domains which are configured on the Expressway-C for
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
You must select the DNS format and manually specify the required FQDNs, separated by commas if you
need multiple domains. The SRVName format may not be supported by your chosen CA.
You must also prefix each with collab-edge. (see example in following screenshot).
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
You must select the DNS format and manually specify the required FQDNs, separated by commas if you
need multiple domains. The SRVName format may not be supported by your chosen CA.
You must also prefix each with collab-edge. (see example in following screenshot).
n
XMPP federation domains: the domains used for point-to-point XMPP federation. These are configured
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
We recommend that you select the DNS format and manually specify the required FQDNs, separated by
commas if you need multiple domains. The XMPPAddress format may not be supported by your chosen
CA.
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
We recommend that you select the DNS format and manually specify the required FQDNs, separated by
commas if you need multiple domains. The XMPPAddress format may not be supported by your chosen
CA.
n
IM and Presence chat node aliases (federated group chat): the same set of Chat Node Aliases as
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
We recommend that you select the DNS format and manually specify the required FQDNs, separated by
commas if you need multiple domains. The XMPPAddress format may not be supported by your chosen
CA.
Note that the list of required aliases can be viewed (and copy-pasted) from the equivalent
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
We recommend that you select the DNS format and manually specify the required FQDNs, separated by
commas if you need multiple domains. The XMPPAddress format may not be supported by your chosen
CA.
Note that the list of required aliases can be viewed (and copy-pasted) from the equivalent
Generate CSR
page on the Expressway-C.
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.2)
Page 25 of 40
Server certificate requirements for Unified Communications