In this third article, we will expand upon what we learned in part 1 and part 2 regarding Jabber and how to renew your CA-signed certificates. In this final article, we will examen the certification process within Cisco Expressway.
It is important to note that for Jabber Mobile and Remote Access (MRA) feature as well as for Business to Business calls (B2B), it is mandatory to have a CA-signed certificate on the Expressway-Edge node. On the other hand, there is no such requirement for Expressway-Core. However, Stack8 recommends a CA-signed certificate to be used on both Expressway servers.
Another requirement is to cross upload all Root and Intermediate certificates on both nodes in order for the Secure Traversal Zone to be active and communication between two Expressway nodes to work.
Do not forget to verify, every time you renew your certificates, if there is a change on the Root or any of the Intermediate certificates and Upload all new chain certs in the Trusted Certificates section of the server.