Cisco Cisco TelePresence Video Communication Server Expressway
| | VCS Control | VCS Expressway |
|---|---|---|
| Peer 1 address | Enter the FQDN of the VCS Expressway. Note that if you use an IP address (not recommended), that address must be present in the VCS Expressway server certificate. | Not applicable |
| Peer 2...6 address | Enter the FQDNs of additional peers if it is a cluster of VCS Expressways. | Not applicable |
4. Click Create zone.
Server Certificate Requirements for Unified Communications
Cisco Unified Communications Manager Certificates
The two Cisco Unified Communications Manager certificates that are significant for Mobile and Remote
Access are the CallManager certificate and the tomcat certificate. These are automatically installed on the
Cisco Unified Communications Manager and by default they are self-signed and have the same common
name (CN).
We recommend using externally-signed certificates for best end-to-end security between external endpoints
and internal endpoints. However, if you do use self-signed certificates, the two certificates must have
different common names. This is because the VCS does not allow two self-signed certificates with the same
CN. If the CallManager and tomcat self-signed certs have the same CN in the VCS's trusted CA list, then it
can only trust one of them. This means that either secure HTTP or secure SIP, between VCS Control and
Cisco Unified Communications Manager, will fail.
Also, when generating tomcat certificate signing requests for any products within the Cisco Collaboration
Systems Release 10.5.2, you need to be aware of
. You need to work around this issue to
ensure that the FQDNs of the nodes are in the certificates as Subject Alternative Names. The VCS X8.5.2
Release Notes have the details of the workarounds.
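As an added example (not part of the Cisco guide), the following Python checks two rules stated above: no two self-signed certificates in a trust list may share a CN, and the peer address configured on the zone (FQDN or IP) must appear in the server certificate's SAN. It assumes the certificates are already decoded into the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns; the host names, CA name and IP address are constructed.

```python
import ipaddress

def common_name(cert):
    """Subject CN of a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def duplicate_self_signed_cns(trust_list):
    """Map each CN shared by 2+ self-signed entries to their labels.
    Self-signed is approximated as subject == issuer (no signature check)."""
    by_cn = {}
    for label, cert in trust_list.items():
        if cert.get("subject") == cert.get("issuer"):
            by_cn.setdefault((common_name(cert) or "").lower(), []).append(label)
    return {cn: labels for cn, labels in by_cn.items() if len(labels) > 1}

def peer_address_in_san(cert, peer_address):
    """True if the zone's peer address (FQDN or IP) is a SAN entry.
    Exact match only; wildcard SANs are not expanded."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted = ipaddress.ip_address(peer_address)
    except ValueError:  # not an IP literal, so compare as a DNS name
        names = {v.lower().rstrip(".") for k, v in sans if k == "DNS"}
        return peer_address.lower().rstrip(".") in names
    return any(k == "IP Address" and ipaddress.ip_address(v.strip()) == wanted
               for k, v in sans)

# Constructed sample data: hypothetical host names, documentation IP range.
def make_cert(cn, issuer_cn, sans=()):
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer_cn),),),
            "subjectAltName": tuple(sans)}

CUCM_TRUST = {  # default state: both self-signed with the same CN
    "CallManager": make_cert("cucm1.example.com", "cucm1.example.com"),
    "tomcat": make_cert("cucm1.example.com", "cucm1.example.com"),
}
VCSE_CERT = make_cert("vcse1.example.com", "Example Issuing CA",
                      [("DNS", "vcse1.example.com")])

if __name__ == "__main__":
    print("CN collisions:", duplicate_self_signed_cns(CUCM_TRUST))
    for peer in ("vcse1.example.com", "192.0.2.10"):
        print(peer, "in SAN:", peer_address_in_san(VCSE_CERT, peer))
```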
VCS Certificates
The VCS certificate signing request (CSR) tool prompts for and incorporates the relevant subject alternate
name (SAN) entries as appropriate for the Unified Communications features that are supported on that VCS.
The following table shows which CSR alternative name elements apply to which Unified Communications
features:
| CSR SAN element | Mobile and remote access | Jabber Guest | XMPP federation |
|---|---|---|---|
| Unified CM registrations domains | ✓ (VCS Expressway only) | X | X |
| XMPP federation domains | X | X | ✓ (VCS Expressway only) |
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.6)
Unified Communications prerequisites