42-16
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 42 Using the Cisco Unified Communication Wizard
Configuring the UC-IME by using the Unified Communication Wizard
Configuring the Remote-Side Certificates for the Cisco Intercompany Media Engine Proxy
Establishing a trust relationship across enterprises or across administrative domains is key. Across
enterprises, you must use a trusted third-party CA (such as VeriSign). The adaptive security appliance
obtains a certificate with the FQDN of the Cisco Unified Communications Manager server (certificate
impersonation).
For the TLS handshake, the two entities could validate the peer certificate via a certificate chain to
trusted third-party certificate authorities. Both entities enroll with the CAs. The adaptive security
appliance as the TLS proxy must be trusted by both entities. The adaptive security appliance is always
associated with one of the enterprises. Within that enterprise, the entity and the adaptive security
appliance could authenticate each other via a local CA, or by using self-signed certificates.
To establish a trusted relationship between the adaptive security appliance and the remote entity, the
adaptive security appliance can enroll with the CA on behalf of the local enterprise. In the enrollment
request, the local Cisco UCM identity (domain name) is used.
To establish the trust relationship, the adaptive security appliance enrolls with the third party CA by
using the Cisco Unified Communications Manager server FQDN as if the security appliance is the Cisco
UCM.
Note If the adaptive security appliance already has a signed identity certificate, you can skip Step 1 in this
procedure and proceed directly to Step 3.
Step 1 In the ASA’s Identity Certificate area, click Generate CSR. The CSR parameters dialog box appears.
For information about specifying additional parameters for the certificate signing request (CSR), see
Generating a Certificate Signing Request (CSR) for a Unified Communications Proxy, page 42-18.
Information dialog boxes appear indicating that the wizard is delivering the settings to the adaptive
security appliance and retrieving the certificate key pair information. The Identity Certificate Request
dialog box appears.
For information about saving the CSR that was generated and submitting it to a CA, see Saving the
Identity Certificate Request, page 42-19.
Step 2 In the ASA’s Identity Certificate area, click Install ASA’s Identity Certificate. See Installing the ASA
Identity Certificate on the Presence Federation and Cisco Intercompany Media Engine Servers,
page 42-21.
Step 3 In the Remote Server’s CA’s Certificate area, click Install Remote Server’s CA’s Certificate. Installing
the root certificates of the CA for the remote servers is necessary so that the adaptive security appliance
can determine that the remote servers are trusted.
The Install Certificate dialog box appears. Install the certificate. See Installing a Certificate, page 42-18.
Note You must install the root certificates only when the root certificates for the remote servers are
received from a CA other than the one that provided the identity certificate for the adaptive
security appliance.
Step 4 Click Next.
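Before installing the signed certificate in Step 2, an administrator can check it on a workstation. The following is an added example, not part of the Cisco guide: it assumes OpenSSL is available, and the FQDN cucm.example.com, the file names and the throwaway CA are constructed placeholders. It confirms that the certificate matches the CSR saved in Step 1, carries the Cisco UCM FQDN, and chains to the CA root.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): sanity-check the certificate a CA
# returns for the CSR from Step 1 before installing it in Step 2.

# check_identity_cert CSR CERT CA_ROOT FQDN -> exit status 0 only if every check passes.
check_identity_cert() {
    csr=$1; cert=$2; ca=$3; fqdn=$4
    # 1. The certificate was issued for the key pair behind the saved CSR.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$csr_key" = "$crt_key" ] || { echo "FAIL: key does not match CSR" >&2; return 1; }
    # 2. The subject is the Cisco UCM FQDN the ASA presents to the remote side.
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null | grep -q 'does match' \
        || { echo "FAIL: certificate is not for $fqdn" >&2; return 1; }
    # 3. The certificate chains to the CA root that the remote side must trust.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL: does not chain to $ca" >&2; return 1; }
    echo "OK: $cert is valid for $fqdn"
}

# Constructed sample data: a throwaway CA standing in for the third-party CA, and
# a CSR/certificate pair for the hypothetical FQDN cucm.example.com.
make_constructed_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cucm.example.com" \
        -keyout "$d/asa.key" -out "$d/asa.csr" 2>/dev/null
    openssl x509 -req -in "$d/asa.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/asa.pem" 2>/dev/null
    # A second CSR with a different key pair, to exercise the key-mismatch check.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cucm.example.com" \
        -keyout "$d/other.key" -out "$d/other.csr" 2>/dev/null
}
```

With real files, call it as check_identity_cert followed by the saved CSR, the certificate returned by the CA, the CA root certificate and the Cisco UCM FQDN.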