Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Generating an identity certificate for the ASBCE 1

Status
Not open for further replies.

dsm600rr

IS-IT--Management
Nov 17, 2015
1,444
US
Hello all,

I have created this certificate without an SBC. I am now trying to create the certificate for the SBC.

Is the only difference between the two:

- "Machine IP" is the Public IP Address to be assigned to the SBC?

Same SAN's and what not?

Currently with no ASBCE I Use the Following SAN's:

DNS:Our_FQDN,DNS:Our_Domain,IP:192.168.1.251(IPO),IP:public_IP,URI:sip:Our_FQDN,URI:sip:Our_Domain,URI:sip:192.168.1.251(IPO),URI:sip:public_IP

ACSS
 
derfloh: the 192.168.1.251 is the internal IP Address. When I try and generate the certificate it does not like something:

1_pqbnoy.png


2_wnyhou.png


SAN's:
DNS:Our SIP Registrar FQDN
DNS:Our SIP Domain Name
IP:192.168.1.251 (Internal IPO)
IP:XXX.XXX.XXX.213 (Public ASBCE)
URI:sip:Our SIP Registrar FQDN
URI:sip:Our SIP Domain Name
URI:sip:192.168.1.251 (Internal IPO)
URI:sip:XXX.XXX.XXX.213 (Public ASBCE)

ACSS
 
The public facing certificate should only need the DNS you use to connect to SBC and SIP domain if it's different.

"Trying is the first step to failure..." - Homer
 
janni78: So for the identity certificate for the ASBCE I should only need:?

DNS:Our SIP Registrar FQDN
DNS:Our SIP Domain Name


The document mentions an IP Address however does not specify what IP Address

3_rkvggx.png


ACSS
 
It says right on the top, it need FQDN and IP of IP Office and AppServers the ASBCE is handling traffic for.

"Trying is the first step to failure..." - Homer
 
janni78: Guess it helps if I read everything.

So I have:
DNS:ipo.company.com,DNS:company.com,IP:192.168.1.251 (Internal IPO)

Would I need to add one more IP Entry for the Application Server running VM Pro? Its on a different VLAN

Not sure if the Domain is requred in addition to the FQDN, that is how I did the certificate without the SBC

I am not sure why this keeps complaining about the IP Address:

IP_djbxf2.png


ACSS
 
derfloh: So I do not need to put the local IP Address of my IPO in the SAN?

Like so:?

Cert_wcbshd.png



ACSS
 
derfloh: Thank you. Question on the IP Office root certificate as well.

1_ocf1hd.png


When you download as "PEM-encoded" the file is a .pem file

The document states to re-name it as .crt

Is that correct or a typo?



ACSS
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top