Cisco Cisco TelePresence Video Communication Server Expressway
Enabling endpoints registered on the video network to call MOC clients registered on OCS
To configure an “OCS gateway” Cisco VCS Control:
1. Generate and load private key, root certificate and server certificate onto Cisco VCS.
1. Generate and load private key, root certificate and server certificate onto Cisco VCS.
2. Set up the SIP domain of the “OCS gateway” Cisco VCS.
3. Ensure that the default links between the “OCS gateway” Cisco VCS Control’s zones are set up.
4. Configure
DNS.
5. Ensure that cluster name is configured.
6. Configure an NTP server.
7. Switch on TLS in SIP configuration.
8. Set H.323 <--> SIP interworking to On.
9. Set Call routed mode to Always.
Generate and load private key, root certificate, and server certificate onto
“OCS gateway” Cisco VCS Control (Not needed if TCP connection is to be
used)
“OCS gateway” Cisco VCS Control (Not needed if TCP connection is to be
used)
Obtain and load Root CA certificate, server certificate and private key into the Cisco VCS.
Note: For mutual TLS authentication the Server certificate must be capable of being used as a Client
certificate as well.
certificate as well.
Either a single server certificate can be created to cover the “OCS gateway” cluster, or a server
certificate can be created for each Cisco VCS. If the “OCS gateway” is a non-clustered Cisco VCS
then use the section “Server certificate for each Cisco VCS”
certificate can be created for each Cisco VCS. If the “OCS gateway” is a non-clustered Cisco VCS
then use the section “Server certificate for each Cisco VCS”
Details on how to create certificates for Cisco VCS are documented in “Cisco VCS Deployment Guide
– Certificate creation and use with Cisco VCS”.
– Certificate creation and use with Cisco VCS”.
Single server certificate that can be loaded into each cluster peer:
The Certificate must specify:
Subject name: the Cisco VCS cluster’s routable domain, e.g.vcsocsgateway.test-customer.com
Subject Alternate Name: a comma separated list of the Cisco VCS peers’ routable domains
(DNS Local hostname concatenated with DNS Domain)
e.g. vcsocspeer1.test-customer.com,vcsocspeer2.test-customer.com
(DNS Local hostname concatenated with DNS Domain)
e.g. vcsocspeer1.test-customer.com,vcsocspeer2.test-customer.com
Server certificate for each Cisco VCS:
A certificate must be created for each “OCS gateway” Cisco VCS; the Certificate must specify:
Subject name: the Cisco VCS peer’s routable domain (DNS Local hostname concatenated with
DNS Domain) e.g. vcsocspeer1.test-customer.com
DNS Domain) e.g. vcsocspeer1.test-customer.com
and if it is part of a cluster:
Subject Alternate Name: the Cisco VCS cluster’s routable domain, e.g.
vcsocsgateway.test-customer.com
vcsocsgateway.test-customer.com
Load the certificates:
Load the certificates on the Security page (Maintenance > Security):
Cisco VCS Deployment Guide: Microsoft OCS 2007 R1 and R2 and Cisco VCS X5.2
Page 29 of 92