Cisco Cisco Expressway Manual De Manutenção
Figure 3 Entering subject alternative names for security profiles and chat node aliases on the
Expressway-C's CSR generator
Expressway-C's CSR generator
Expressway-E server certificate requirements
The Expressway-E server certificate needs to include the following elements in its list of subject alternate names:
■
Unified CM registrations domains: all of the domains which are configured on the Expressway-C for Unified
CM registrations. They are required for secure communications between endpoint devices and Expressway-E.
CM registrations. They are required for secure communications between endpoint devices and Expressway-E.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
multiple domains. You may select CollabEdgeDNS format instead, which simply adds the prefix
collab-edge.
to the domain that you enter. This format is recommended if you do not want to include your top level domain
as a SAN (see example in following screenshot).
as a SAN (see example in following screenshot).
■
XMPP federation domains: the domains used for point-to-point XMPP federation. These are configured on
the IM&P servers and should also be configured on the Expressway-C as domains for XMPP federation.
the IM&P servers and should also be configured on the Expressway-C as domains for XMPP federation.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the Expressway software.
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the Expressway software.
■
IM and Presence chat node aliases (federated group chat): the same set of Chat Node Aliases as entered
on the Expressway-C's certificate. They are only required for voice and presence deployments which will
support group chat over TLS with federated contacts.
on the Expressway-C's certificate. They are only required for voice and presence deployments which will
support group chat over TLS with federated contacts.
Select the DNS format and manually specify the required FQDNs. Separate the FQDNs by commas if you need
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the Expressway software.
multiple domains. Do not use the XMPPAddress format as it may not be supported by your CA, and may be
discontinued in future versions of the Expressway software.
Note that you can copy the list of chat node aliases from the equivalent Generate CSR page on the
Expressway-C.
Expressway-C.
Figure 4 Entering subject alternative names for Unified CM registration domains, XMPP federation
domains, and chat node aliases, on the Expressway-E's CSR generator
domains, and chat node aliases, on the Expressway-E's CSR generator
for full information about how to create and
upload the Expressway’s server certificate and how to upload a list of trusted certificate authorities.
50
Cisco Expressway Administrator Guide