Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 52 Configuring Cisco Intercompany Media Engine Proxy
Configuring Cisco Intercompany Media Engine Proxy
Commands Purpose
Step 1
hostname(config)# crypto key generate rsa label key-pair-label
hostname(config)# crypto ca trustpoint trustpoint_name
hostname(config-ca-trustpoint)# enroll self
hostname(config-ca-trustpoint)# keypair keyname
hostname(config-ca-trustpoint)# subject-name x.500_name

Example:
hostname(config)# crypto key generate rsa label local-ent-key
hostname(config)# crypto ca trustpoint local-asa
hostname(config-ca-trustpoint)# enroll self
hostname(config-ca-trustpoint)# keypair local-ent-key
hostname(config-ca-trustpoint)# subject-name cn=Ent-local-domain-name**., o="Example Corp"

Purpose: Creates an RSA key and trustpoint for the self-signed certificate.
Where key-pair-label is the RSA key for the local ASA.
Where trustpoint_name is the trustpoint for the local ASA.
Where keyname is the key pair for the local ASA.
Where x.500_name includes the X.500 distinguished name of the local ASA; for example, cn=Ent-local-domain-name**.

Note: The domain name that you enter here must match the domain name that has been set for the local Cisco UCM. For information about how to configure the domain name for Cisco UCM, see the Cisco Unified Communications Manager documentation.

Step 2
hostname(config-ca-trustpoint)# exit

Purpose: Exits from Trustpoint Configuration mode.

Step 3
hostname(config)# crypto ca export trustpoint identity-certificate

Example:
hostname(config)# crypto ca export local-asa identity-certificate

Purpose: Exports the certificate you created in Step 1. The certificate contents appear on the terminal screen. Copy the certificate from the terminal screen. This certificate enables Cisco UCM to validate the certificate that the ASA sends in the TLS handshake.
On the local Cisco UCM, upload the certificate into the Cisco UCM trust store. See the Cisco Unified Communications Manager documentation for information.

Note: The subject name you enter while uploading the certificate to the local Cisco UCM is compared with the X.509 Subject Name field entered on the SIP Trunk Security Profile on Cisco UCM. For example, “Ent-local-domain-name” was entered in Step 1 of this task; therefore, “Ent-local-domain-name” should be entered in the Cisco UCM configuration.

Step 4
hostname(config)# crypto ca trustpoint trustpoint_name
hostname(config-ca-trustpoint)# enroll terminal

Example:
hostname(config)# crypto ca trustpoint local-ent-ucm
hostname(config-ca-trustpoint)# enroll terminal

Purpose: Creates a trustpoint for local Cisco UCM.
Where trustpoint_name is the trustpoint for the local Cisco UCM.

Step 5
hostname(config-ca-trustpoint)# exit

Purpose: Exits from Trustpoint Configuration mode.
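
An added example, not part of the Cisco guide: a Python pre-flight check over the Step 1 commands before the certificate is exported in Step 3. It verifies that the trustpoint's keypair names a key that was actually generated and that the CN in subject-name equals the X.509 Subject Name set on the Cisco UCM SIP Trunk Security Profile; the sample session, the function names and the exact, case-sensitive comparison are assumptions.

```python
import re

# Constructed sample of the Step 1 commands as typed (not captured ASA output).
SAMPLE_SESSION = '''\
hostname(config)# crypto key generate rsa label local-ent-key
hostname(config)# crypto ca trustpoint local-asa
hostname(config-ca-trustpoint)# enroll self
hostname(config-ca-trustpoint)# keypair local-ent-key
hostname(config-ca-trustpoint)# subject-name cn=Ent-local-domain-name, o="Example Corp"
hostname(config-ca-trustpoint)# exit
'''

def parse_dn(dn):
    """Split an X.500 name such as cn=host, o="Example Corp" into a dict."""
    pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^,]*)', dn)
    return {k.lower(): v.strip().strip('"') for k, v in pairs}

def parse_session(text):
    """Return (generated key labels, {trustpoint: settings}) from CLI lines."""
    keys, trustpoints, current = set(), {}, None
    for line in text.splitlines():
        cmd = line.split('#', 1)[-1].strip()  # drop the hostname(...)# prompt
        if m := re.match(r'crypto key generate rsa label (\S+)', cmd):
            keys.add(m.group(1))
        elif m := re.match(r'crypto ca trustpoint (\S+)', cmd):
            current = trustpoints.setdefault(m.group(1), {})
        elif cmd == 'exit':
            current = None
        elif current is not None and ' ' in cmd:
            name, value = cmd.split(None, 1)  # e.g. "keypair", "local-ent-key"
            current[name] = value
    return keys, trustpoints

def check_trustpoint(text, trustpoint, ucm_subject_name):
    """Return a list of mismatches; an empty list means both checks passed."""
    keys, tps = parse_session(text)
    tp = tps.get(trustpoint)
    if tp is None:
        return [f'trustpoint {trustpoint} not defined']
    problems = []
    if tp.get('keypair') not in keys:
        problems.append(f"keypair {tp.get('keypair')} was never generated")
    cn = parse_dn(tp.get('subject-name', '')).get('cn')
    if cn != ucm_subject_name:  # assumption: exact, case-sensitive match
        problems.append(f'CN {cn} != UCM X.509 Subject Name {ucm_subject_name}')
    return problems

if __name__ == '__main__':
    print(check_trustpoint(SAMPLE_SESSION, 'local-asa', 'Ent-local-domain-name') or 'OK')
```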