McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 118

↗ View in doc context
page
118
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::109

Both ports use the Cisco Tomcat certificate and Tomcat-trust for incoming TLS/mTLS connections. Make sure that your Tomcat-trust store is able to verify the Expressway-C certificate for SIP OAuth mode for Mobile and Remote Access to function accurately. You must perform extra steps to upload the Expressway-C certificate into the Tomcat-Trust certificate store of the Cisco Unified Communications Manager, when: • Expressway-C certificate and Cisco Tomcat certificate is not signed by the same CA certificate. • Unified CM Cisco Tomcat certificate is not CA signed. Step 5 Click Save. Step 6 Repeat this procedure for each server that uses SIP OAuth. Configure OAuth Connection to Expressway-C Use this procedure to add the Expressway-C connection to Cisco Unified Communications Manager Administration. You need this configuration for devices in Mobile and Remote Access mode with SIP OAuth. Procedure Step 1 From Cisco Unified CM Administration, choose Device > Expressway-C. Step 2 (Optional) In the Find and List Expressway-C window, click Find to verify X.509 Subject Name/Subject Alternate Name that is pushed from the Expressway-C to Unified Communications Manager. Note If required, you can modify the values. Alternatively, if the entries are missing, add Expressway-C information. If the Expressway-C has a different domain than the Unified Communications Manager, then the administrator needs to access the Cisco Unified CM Administration User Interface and add the domain to the Expressway C in the Unified CM configuration. Step 3 Click Add New. Step 4 Enter an IP Address, Hostname or fully qualified domain name for the Expressway-C. Step 5 Enter a Description. Step 6 Enter the X.509 Subject Name/Subject Alternate Name of the Expressway-C from the Expressway-C certificate. Step 7 Click Save. Enable SIP OAuth Mode Use the Command Line Interface to enable SIP OAuth mode. Enabling this feature on the publisher node also enables the feature on all cluster nodes. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 100 Basic System Security Configure OAuth Connection to Expressway-C