Security Certificate Configuration for IM and Presence Service
This topic is only applicable if you require a secure
IM and Presence Service and
This topic describes how to configure security certificates
using a standalone CA. If you use an enterprise CA, refer to the Interdomain Federation for IM and Presence Service on Cisco Unified
example of the certificate exchange procedure using an enterprise CA.
SIP Proxy certificates (own and trust) should be X.509 version 3
Configure the Standalone Root Certificate Authority.
Sign in to your CA server and open a web browser.
Open the URL
Download a CA certificate, certificate chain, or
Base 64 for the Encoding Method.
Download CA Certificate.
Save the certificate file certnew.cer to the local disk.
If you do not know the Subject Common Name (CN) of the root
certificate, you can use an external certificate management tool to find out.
On Windows operating system, you can right-click the certificate file with a
.cer extension and open the certificate properties.
Upload Root Certificate onto IM and Presence Service
Before You Begin
Download the Root Certificate from the CA Server.
Copy the certnew.cer file to the local computer that you use to
IM and Presence Service node.
Cisco Unified IM and Presence Operating System Administration
Security > Certificate
cup-trust from the Certificate Name menu.
Leave the Root Name field blank.
Locate the certnew.cer file on your local computer.
You may need to change the certificate file to a .pem extension.
Make a note of the new CA certificate filename you have uploaded
to the cup-trust using the Certificate Management Find screen. This certificate
filename (without the .pem or .der extension) is the value you enter in the
'Root CA' field when uploading the CA-signed SIP proxy certificate.