16-24
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter16 Using the Cisco Unified Communication Wizard
Working with Certificates in the Unified Communication Wizard
Presence Federation server, and the Cisco Unified Communications Manager servers, respectively, on
the ASA. See the documentation for each of these products for information about obtaining the identity
certificates from each.
When configuring the Cisco Phone Proxy, if LSC provisioning is required or you have LSC enabled IP
phones, you must install the CAPF certificate from the Cisco UCM on the ASA. If the Cisco UCM has
more than one CAPF certificate, you must import all of them to the ASA. See Enabling Certificate
Authority Proxy Function (CAPF) for IP Phones, page16-8.
Additionally, when configuring the Cisco Mobility Advantage Proxy, you use the Install Certificate
dialog box to install the root certificate received from the certificate authority. The root certificate from
the certificate authority is used to sign other certificates. The root certificate is used by the ASA to
authenticate your signed identity certificate received from the certificate authority.
Note When using the wizard to configure the Unified Communications proxies, the wizard only supports
installing self-signed certificates.
From the Install Certificate dialog box, perform these steps:
Step1 Perform one of the following actions:
To add a certificate configuration from an existing file, click the Install from a file radio button (this
is the default setting). Enter the path and file name, or click Browse to search for the file. Then click
Install Certificate.
To enroll manually, click the Paste certificate in PEM format radio button. Copy and paste the
PEM format (base64 or hexadecimal) certificate into the area provided.
Step2 Click Install Certificate.
An information dialog box appears informing you that the certificate was installed on the ASA
successfully.
Generating a Certificate Signing Request (CSR) for a Unified Communications
Proxy
When configuring certificates for the Cisco Mobility Advantage Proxy, Cisco Presence Federation
Proxy, or Cisco Intercompany Media Engine Proxy, you must generate and identity certificate request
for the ASA.
Note If the ASA already has a signed identity certificate, you do not need to generate a CSR and can proceed
directly to installing this certificate on the ASA. See Installing the ASA Identity Certificate on the
Mobility Advantage Server, page16-26 and Installing the ASA Identity Certificate on the Presence
Federation and Cisco Intercompany Media Engine Servers, page16-26 for the steps to install the identity
certificate.
The identify certificate that you receive is presented to the following entities for each of the Unified
Communication Proxies:
Unified Mobile Communicator clients for the Cisco Mobility Advantage Proxy