Configuring Security Certificates for Cisco Unified Presence to Cisco Unified Presence Federation (with no Cisco Adaptive Security Appliance)

Available Languages

Download Options

PDF (120.8 KB)
View with Adobe Reader on a variety of devices

Updated:August 26, 2008

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Configuring Security Certificates for Cisco Unified Presence to Cisco Unified Presence Federation (with no Cisco Adaptive Security Appliance)

Table Of Contents

Configuring Security Certificates for Cisco Unified Presence to Cisco Unified Presence Federation (with no Cisco Adaptive Security Appliance)

How to Exchange Certificates Using Self-Signed Certificates

Generating a New Certificate on Cisco Unified Presence Server1

Importing the Certificate onto Cisco Unified Presence Server2

Generating a New Certificate on Cisco Unified Presence Server2

Importing the New Certificate onto Cisco Unified Presence Server1

How to Exchange Certificates Using CA-Signed Certificates

Downloading the Root Certificate

Uploading the Root Certificate onto Cisco Unified Presence

Generating the Certificate Signing Request on Cisco Unified Presence

Downloading the Signed Certificate

Uploading the Signed Certificate onto Cisco Unified Presence

Configuring Security Certificates for Cisco Unified Presence to Cisco Unified Presence Federation (with no Cisco Adaptive Security Appliance)

January 26, 2009

•How to Exchange Certificates Using Self-Signed Certificates

•How to Exchange Certificates Using CA-Signed Certificates

How to Exchange Certificates Using Self-Signed Certificates

•Generating a New Certificate on Cisco Unified Presence Server1

•Importing the Certificate onto Cisco Unified Presence Server2

•Generating a New Certificate on Cisco Unified Presence Server2

•Importing the New Certificate onto Cisco Unified Presence Server1

Note In order identify each Cisco Unified Presence server, the servers are referred to as Cisco Unified Presence server1 and Cisco Unified Presence server2.

Generating a New Certificate on Cisco Unified Presence Server1

Procedure

Step 1 On Cisco Unified Presence server1, select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Click Generate New.

Step 3 Select sipproxy for the certificate name.

Step 4 Click on sipproxy.pem in the certificate list.

The certificate configuration displays. The `Issuer CN' and the `Subject CN' should be the FQDN of the Cisco Unified Presence server1.

Step 5 Click Download, and save the certificate locally as sipproxy.pem.

What To Do Next

Importing the Certificate onto Cisco Unified Presence Server2

Importing the Certificate onto Cisco Unified Presence Server2

Before You Begin

Complete the steps in Generating a New Certificate on Cisco Unified Presence Server1

Procedure

Step 1 On Cisco Unified Presence server2, select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Click Upload Certificate.

Step 3 Select sipproxy-trust. for the certificate name.

Note Leave the Root Name field blank.

Step 4 Click Browse.

Step 5 Locate the certificate (that you created in the previous procedure) on your local computer.

Step 6 Click Upload File.

Troubleshooting Tips

When the certificate list is refreshes, the entry sipproxy-trust should be present. The .pem file, .der file and File Name of this entry should be the FQDN of Cisco Unified Presence server1.

What To Do Next

Generating a New Certificate on Cisco Unified Presence Server2

Generating a New Certificate on Cisco Unified Presence Server2

Before You Begin

Complete the steps Importing the Certificate onto Cisco Unified Presence Server2

Procedure

Step 1 On Cisco Unified Presence server2, select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Generate and download the sipproxy.pem file as described in Generating a New Certificate on Cisco Unified Presence Server1.

Troubleshooting Tips

In the certificate configuration, the `Issuer CN' and the `Subject CN' of the certificate should be the FQDN of the Cisco Unified Presence server2.

What To Do Next

Importing the New Certificate onto Cisco Unified Presence Server1

Importing the New Certificate onto Cisco Unified Presence Server1

Before You Begin

Complete the steps in Generating a New Certificate on Cisco Unified Presence Server2

Procedure

Step 1 On Cisco Unified Presence Server1, select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Upload the certificate as described in Importing the Certificate onto Cisco Unified Presence Server2.

Troubleshooting Tips

When the certificate list refreshes, the entry sipproxy-trust should be present. The .pem file, .der file and File Name of this entry should be the FQDN of Cisco Unified Presence server2.

What To Do Next

Importing the New Certificate onto Cisco Unified Presence Server1

How to Exchange Certificates Using CA-Signed Certificates

•Downloading the Root Certificate

•Uploading the Root Certificate onto Cisco Unified Presence

•Generating the Certificate Signing Request on Cisco Unified Presence

•Downloading the Signed Certificate

•Uploading the Signed Certificate onto Cisco Unified Presence

Note You need to perform the procedures described in this section on both Cisco Unified Presence servers.

Downloading the Root Certificate

Procedure

Step 1 Click Start > Run.

Step 2 Type http://<name of your Issuing CA Server>/certsrv.

Step 3 Click OK.

Step 4 Click Download a CA certificate, certificate chain, or CRL from Select a task.

Step 5 Click Base 64.

Step 6 Click Download CA certificate.

What To Do Next

Uploading the Root Certificate onto Cisco Unified Presence

Uploading the Root Certificate onto Cisco Unified Presence

Before You Begin

Complete the steps in Downloading the Root Certificate

Step 1 Select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Click Upload Certificate.

Step 3 Select sipproxy-trust for the certificate name.

Note Leave the Root Name field blank.

Step 4 Click Browse.

Step 5 Locate the CA certificate file (that you created in the previous procedure) on your local computer.

Step 6 Click Upload File.

Troubleshooting Tips

When the certificate list is refreshed, the entry sipproxy-trust should be present. The .pem file, .der file and File Name of this entry should be the name of the CA that you downloaded the CA certificate from.

What To Do Next

Generating the Certificate Signing Request on Cisco Unified Presence

Generating the Certificate Signing Request on Cisco Unified Presence

Step 1 Select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Click Generate New.

Step 3 Select sipproxy for the certificate name.

Step 4 Click Generate New.

Step 5 Click Generate CSR on the Certificate Management screen.

Step 6 Select sipproxy for the certificate name.

Step 7 Click Generate CSR.

Step 8 Click Download CSR on the Certificate Management screen.

Step 9 Select sipproxy for the certificate name.

Step 10 Click Download CSR.

Step 11 Select the location on your local machine where you wish to download the CSR file to.

Step 12 Using a text editor, open the CSR file you downloaded to your local machine in the previous step.

Step 13 Copy the contents of the CSR file.

You must copy all information from and including

-----BEGIN CERTIFICATE REQUEST

to and including

END CERTIFICATE REQUEST-----

Step 14 On your internet browser, browse to your CA server at the URL http://<name of your Issuing CA Server>/certsrv.

Step 15 Click Request a certificate.

Step 16 Select Advanced certificate request.

Step 17 Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Step 18 Paste the contents of the CSR file (that you copied in step 13) into the Saved Request field.

Step 19 Click Submit.

What To Do Next

Downloading the Signed Certificate

Downloading the Signed Certificate

Before You Begin

Complete the steps in Generating the Certificate Signing Request on Cisco Unified Presence

Step 1 On your internet browser, browse to your CA server at the URL http://<name of your Issuing CA Server>/certsrv.

Step 2 Click View the status of a pending certificate request.

Step 3 Click on the certificate request that you issued in the previous section.

Step 4 Click Base 64 encoded.

Step 5 Click Download certificate.

Step 6 Save the certificate to your local machine:

•Specifying a certificate file name sipproxy.pem.

•Save the certificate as type `Security Certificate'.

What To Do Next

Uploading the Signed Certificate onto Cisco Unified Presence

Uploading the Signed Certificate onto Cisco Unified Presence

Before You Begin

Complete the steps in Downloading the Signed Certificate

Step 1 Select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 2 Click Upload Certificate.

Step 3 Select sipproxy for the certificate name.

Step 4 For the root certificate, enter the name of the root certificate you generated previously.

Step 5 Click Browse.

Step 6 Select the sipproxy.pem file downloaded from the CA.

Step 7 Click Upload File.

Step 8 On Cisco Unified Presence, select Cisco Unified Operating System Administration > Security > Certificate Management.

Step 9 Click on the sipproxy.pem entry.

Step 10 Verify that the issuer of the certificate is the CA that you received the certificate from, and the subject of the certificate is the FQDN of the Cisco Unified Presence server.

Related Topics

Uploading the Root Certificate onto Cisco Unified Presence

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)