Cisco Cisco Expressway
CSR SAN element
Mobile and remote access
Jabber Guest
XMPP federation
IM and Presence chat node aliases
(federated group chat)
(federated group chat)
X
X
ü
Unified CM phone security profile names
ü
(Expressway-C only)
X
X
Note:
n
A new Expressway-C certificate may need to be produced for the Expressway-C if chat node aliases are
added or renamed, such as when an IM and Presence node is added or renamed, or if new TLS phone
security profiles are added.
added or renamed, such as when an IM and Presence node is added or renamed, or if new TLS phone
security profiles are added.
n
A new Expressway-E certificate must be produced if new chat node aliases are added to the system, or if
the Unified CM or XMPP federation domains are modified.
the Unified CM or XMPP federation domains are modified.
n
You must restart the Expressway for any new uploaded server certificate to take effect.
More details about the individual feature requirements per Expressway-C / Expressway-E are described
below.
below.
Expressway-C server certificate requirements
The Expressway-C server certificate needs to include the following elements in its list of subject alternate
names:
names:
n
Unified CM phone security profile names: the names of the Phone Security Profiles in Unified CM
that are configured for encrypted TLS and are used for devices requiring remote access. Use the
FQDN format and separate multiple entries with commas.
Having the secure phone profiles as alternative names means that Unified CM can communicate via TLS
with the Expressway-C when it is forwarding messages from devices that use those profiles.
that are configured for encrypted TLS and are used for devices requiring remote access. Use the
FQDN format and separate multiple entries with commas.
Having the secure phone profiles as alternative names means that Unified CM can communicate via TLS
with the Expressway-C when it is forwarding messages from devices that use those profiles.
n
IM and Presence chat node aliases (federated group chat): the Chat Node Aliases (e.g.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
We recommend that you use DNS format for the chat node aliases when generating the CSR. You must
include the same chat node aliases in the Expressway-E server certificate's alternative names.
chatroom1.example.com) that are configured on the IM and Presence servers. These are required only for
Unified Communications XMPP federation deployments that intend to support group chat over TLS with
federated contacts.
The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a
set of IM&P servers.
We recommend that you use DNS format for the chat node aliases when generating the CSR. You must
include the same chat node aliases in the Expressway-E server certificate's alternative names.
Figure 3: Entering subject alternative names for security profiles and chat node aliases on the Expressway-
C's CSR generator
C's CSR generator
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5.2)
Page 19 of 54
Unified Communications prerequisites