Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 52 Configuring Cisco Intercompany Media Engine Proxy

Configuring Cisco Intercompany Media Engine Proxy

Commands

Purpose

Step 1

hostname(config)# crypto key generate rsa label key-pair-label
hostname(config)# crypto ca trustpoint trustpoint_name
hostname(config-ca-trustpoint)# enroll self
hostname(config-ca-trustpoint)# keypair keyname
hostname(config-ca-trustpoint)# subject-name x.500_name

Example:

hostname(config)# crypto key generate rsa label local-ent-key
hostname(config)# crypto ca trustpoint local-asa
hostname(config-ca-trustpoint)# enroll self
hostname(config-ca-trustpoint)# keypair key-local-asa
hostname(config-ca-trustpoint)# subject-name cn=Ent-local-domain-name**., o="Example Corp"

Creates an RSA key and trustpoint for the self-signed certificate.

Where key-pair-label is the RSA key for the local ASA.

Where trustpoint_name is the trustpoint for the local ASA.

Where keyname is the key pair for the local ASA.

Where x.500_name includes the X.500 distinguished name of the local ASA; for example, cn=Ent-local-domain-name**.

Note

The domain name that you enter here must match the domain name that has been set for the local Cisco UCM. For information about how to configure the domain name for Cisco UCM, see the Cisco Unified Communications Manager documentation.

Step 2

hostname(config-ca-trustpoint)# exit

Exits from Trustpoint Configuration mode.

Step 3

hostname(config)# crypto ca export trustpoint identity-certificate

Example:

hostname(config)# crypto ca export local-asa identity-certificate

Exports the certificate you created in Step 1. The certificate contents appear on the terminal screen.

Copy the certificate from the terminal screen. This certificate enables Cisco UCM to validate the certificate that the ASA sends in the TLS handshake.

On the local Cisco UCM, upload the certificate into the Cisco UCM trust store. See the Cisco Unified Communications Manager documentation for information.

Note

The subject name you enter while uploading the certificate to the local Cisco UCM is compared with the X.509 Subject Name field entered on the SIP Trunk Security Profile on Cisco UCM. For example, “Ent-local-domain-name” was entered in Step 1 of this task; therefore, “Ent-local-domain-name” should be entered in the Cisco UCM configuration.
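
An added example, not part of the Cisco guide: a workstation-side check, run on the PEM text copied in Step 3 before it is uploaded to Cisco UCM, that the certificate's CN equals the name to be entered as X.509 Subject Name. It assumes OpenSSL is installed and that the CN is the value compared; the function names and the generated sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check of the certificate exported in Step 3.
# Assumes OpenSSL on the admin workstation; function names are hypothetical.

# Print the commonName from the subject of a PEM certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# Succeed only if the certificate's CN equals the name that will be
# entered as X.509 Subject Name on the SIP Trunk Security Profile.
check_subject_cn() {
    pem=$1
    expected=$2
    actual=$(cert_cn "$pem")
    if [ "$actual" = "$expected" ]; then
        echo "OK: CN '$actual' matches"
    else
        echo "MISMATCH: certificate CN '$actual', expected '$expected'" >&2
        return 1
    fi
}

# Succeed only if issuer and subject are identical, as "enroll self" produces.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Constructed sample: stands in for the PEM text copied from the ASA terminal.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Ent-local-domain-name/O=Example Corp" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

workdir=$(mktemp -d)
make_sample_cert "$workdir/local-asa.pem"
check_subject_cn "$workdir/local-asa.pem" "Ent-local-domain-name"
is_self_signed "$workdir/local-asa.pem" && echo "OK: self-signed"
```

A mismatch caught here is cheaper to fix than a failed TLS handshake on the SIP trunk: correct the subject-name in Step 1 and export again.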

Step 4

hostname(config)# crypto ca trustpoint trustpoint_name
hostname(config-ca-trustpoint)# enroll terminal

Example:

hostname(config)# crypto ca trustpoint local-ent-ucm
hostname(config-ca-trustpoint)# enroll terminal

Creates a trustpoint for local Cisco UCM.

Where trustpoint_name is the trustpoint for the local Cisco UCM.

Step 5

hostname(config-ca-trustpoint)# exit

Exits from Trustpoint Configuration mode.
