Cisco Cisco TelePresence Video Communication Server Expressway
Server certificates and Unified Communications
As a prerequisite to requesting server certificates for use in Unified Communications deployments, you must
ensure that mobile and remote access is enabled on all VCSs, and that they are configured with the relevant
domains. See
ensure that mobile and remote access is enabled on all VCSs, and that they are configured with the relevant
domains. See
.
The following sections summarize the server certificate requirements for VCS Control and VCS
Expressway.
Expressway.
VCS Control server certificate requirements
The VCS Control server certificate may need to include the following elements in its list of subject alternate
names:
names:
n
The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for
Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note
that Unified Communications XMPP federation will be supported in a future VCS release).
The VCS Control automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note
that Unified Communications XMPP federation will be supported in a future VCS release).
The VCS Control automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
n
The names, in FQDN format, of all of the Phone Security Profiles in Cisco Unified CM that are
configured for encrypted TLS and are used for devices requiring remote access. This ensures that Cisco
Unified CM can communicate with VCS Control via a TLS connection when it is forwarding messages
from devices that are configured with those security profiles.
configured for encrypted TLS and are used for devices requiring remote access. This ensures that Cisco
Unified CM can communicate with VCS Control via a TLS connection when it is forwarding messages
from devices that are configured with those security profiles.
A new certificate may need to be produced if chat node aliases are added or renamed, such as when an IM
and Presence node is added or renamed, or if new TLS phone security profiles are added. You must restart
the VCS Control for any new uploaded server certificate to take effect.
and Presence node is added or renamed, or if new TLS phone security profiles are added. You must restart
the VCS Control for any new uploaded server certificate to take effect.
VCS Expressway server certificate requirements
The VCS Expressway server certificate may need to include the following elements in its list of subject
alternate names:
alternate names:
n
All of the domains which have been configured for Unified Communications. They are required for secure
communications between endpoint devices and VCS Expressway.
They may include the email address domain entered by users of the client application (e.g. Jabber) and
any presence domains (as configured on the VCS Control) if they are different. There is no need to include
the domains in DNS-SEC deployments.
communications between endpoint devices and VCS Expressway.
They may include the email address domain entered by users of the client application (e.g. Jabber) and
any presence domains (as configured on the VCS Control) if they are different. There is no need to include
the domains in DNS-SEC deployments.
n
The same set of Chat Node Aliases as entered on the VCS Control's certificate, if you are deploying
federated XMPP.
Note that the list of required aliases can be viewed (and copy-pasted) from the equivalent
federated XMPP.
Note that the list of required aliases can be viewed (and copy-pasted) from the equivalent
Generate CSR
page on the VCS Control.
A new certificate must be produced if new presence domains or chat node aliases are added to the system.
You must restart the VCS Expressway for any new uploaded server certificate to take effect.
You must restart the VCS Expressway for any new uploaded server certificate to take effect.
Cisco VCS Certificate Creation and Use
Page 6 of 25
Generating a certificate signing request (CSR)