The System name defines the name of the Expressway. It appears in various places in the web interface and is also used by Cisco TMS. We recommend using a name that lets you easily and uniquely identify the Expressway.

For extra security, you may want to have the Expressway communicate with other systems (such as LDAP servers, neighbor Expressways, or clients such as SIP endpoints and web browsers) using TLS encryption.

For this to work successfully in a connection between a client and server:

• The server must have a certificate installed that verifies its identity. The certificate must be signed by a Certificate Authority (CA).

• The client must trust the CA that signed the certificate used by the server.

The Expressway lets you install a certificate that can represent the Expressway as either a client or a server in connections using TLS. The Expressway can also authenticate client connections (typically from a web browser) over HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.

The Expressway can generate server certificate signing requests (CSRs). This removes the need to use an external mechanism to generate certificate requests.

For secure communications (HTTPS and SIP/TLS), we recommend that you replace the Expressway default certificate with a certificate generated by a trusted certificate authority.

TLS can be difficult to configure. For example, when using it with an LDAP server we recommend verifying that the system works correctly over TCP, before you attempt to secure the connection with TLS. We also recommend using a third-party LDAP browser to verify that your LDAP server is correctly configured for TLS.

Note	Be careful not to allow your CA certificates or CRLs to expire. This may cause certificates signed by those CAs to be rejected.

To load the trusted CA list, go to Maintenance > Security > Trusted CA certificate.

To generate a CSR and/or upload the Expressway's server certificate, go to Maintenance > Security > Server certificate.

Additional server certificate requirements apply when configuring your Expressway system for Unified Communications. For full information, see Expressway Certificate Creation and Use Deployment Guide on the Expressway Configuration Guides page.

The NTP server address fields set the IP addresses or Fully Qualified Domain Names (FQDNs) of the NTP servers to be used to synchronize system time. The Time zone sets the local time zone of the Expressway.

Note	You can synchronize the Expressway-C and Expressway-E with different NTP servers, if the result is that the Expressway traversal pair are synchronized.

The Expressway acts as a SIP Registrar for configured SIP domains, accepting registration requests for any SIP endpoints attempting to register with an alias that includes these domains.

• Registration restriction (Allow or Deny) rules can be configured to limit acceptable registrations. See Task 18: Configuring Registration Restriction Policy (Optional).

• If authentication is enabled, only devices that can properly authenticate themselves will be allowed to register.