Cisco Cisco Expressway
n
Unified CM phone security profile names: the names, in FQDN format, of all of the Phone Security
Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring remote
access. This ensures that Unified CM can communicate with Expressway-C via a TLS connection when
it is forwarding messages from devices that are configured with those security profiles.
Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring remote
access. This ensures that Unified CM can communicate with Expressway-C via a TLS connection when
it is forwarding messages from devices that are configured with those security profiles.
n
IM and Presence chat node aliases (federated group chat): the Chat Node Aliases (e.g.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
We recommend that you use DNS format for the chat node aliases when generating the CSR. You must
include the same chat node aliases in the Expressway-E server certificate's alternative names.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
We recommend that you use DNS format for the chat node aliases when generating the CSR. You must
include the same chat node aliases in the Expressway-E server certificate's alternative names.
Figure 3: Entering subject alternative names for security profiles and chat node aliases on the Expressway-
C's CSR generator
C's CSR generator
Expressway-E server certificate requirements
The Expressway-E server certificate needs to include the following elements in its list of subject alternate
names:
names:
n
Unified CM registrations domains: all of the domains which are configured on the Expressway-C for
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
You must select the DNS format and manually specify the required FQDNs. Separate the FQDNs by
commas if you need multiple domains. Do not use the SRVName format as it may not be supported by
your CA, and may be discontinued in future versions of the Expressway software.
You may prefix the domain name with collab-edge. if you do not wish to include the top level domain
as a SAN (see example in following screenshot).
Unified CM registrations. They are required for secure communications between endpoint devices and
Expressway-E.
You must select the DNS format and manually specify the required FQDNs. Separate the FQDNs by
commas if you need multiple domains. Do not use the SRVName format as it may not be supported by
your CA, and may be discontinued in future versions of the Expressway software.
You may prefix the domain name with collab-edge. if you do not wish to include the top level domain
as a SAN (see example in following screenshot).
n
XMPP federation domains: the domains used for point-to-point XMPP federation. These are configured
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
You must select the DNS format and manually specify the required FQDNs. Separate the FQDNs by
commas if you need multiple domains. Do not use the XMPPAddress format as it may not be supported
by your CA, and may be discontinued in future versions of the Expressway software.
on the IM&P servers and should also be configured on the Expressway-C as domains for XMPP
federation.
You must select the DNS format and manually specify the required FQDNs. Separate the FQDNs by
commas if you need multiple domains. Do not use the XMPPAddress format as it may not be supported
by your CA, and may be discontinued in future versions of the Expressway software.
n
IM and Presence chat node aliases (federated group chat): the same set of Chat Node Aliases as
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
entered on the Expressway-C's certificate. They are only required for voice and presence deployments
which will support group chat over TLS with federated contacts.
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5)
Page 18 of 50
Unified Communications prerequisites