Cisco Voice Servers DNS Name Change

Hi,

I am pretty new to Cisco phone systems, so I apologize if I do not have the terminology correct.

When I set up our Cisco voice servers (CUCM, CUPS, CUC) I set them up with an internal DNS namespace (domain.net).  Now, I would like to get third-party certificates for all three servers with a different domain name.  The server names themselves will not be different, I just want them to have, for instance, GoDaddy certificates for server.domain.com instead of using the self-signed certificates for server.domain.net.  The ultimate purpose for this is to use Jabber and the Self-Care Portals without getting certificate warnings.  In the case of the CUPS server, I will also want to use the domain.com as the main domain.  Right now it is using user@domain.net when it is looking for internal users to add as contacts and, under Jabber > Options > Privacy, the "Inside my domain" value is domain.net (please see attachment PrivOptions.jpg).

I know there's a simple command that will change the DNS zone for all of the servers and this will also regenerate the self-signed certificates (which I will not be using in a lot of cases anyway).  My question is, do I need to do this?  Like I said, it seems to be pretty straightforward, but is it unnecessary work?

In all cases, Cisco phones are version 10.5.

Thanks,

Adam
adkaruza Asked:
naderz Commented:
We found it easier (and less costly) to deploy all the necessary certs from all the servers (CUCM, Unity, CUPS) to each workstation. We do this by having a "Jabber" install package (script) that installs all the certs and Jabber at the same time. We also included the headset additions as well.

I would refrain from putting the voice servers in their own domain since you will then need to make DNS work between the two domains. Not difficult, but more work.

You will need to export the following from each server (make sure you include the Publisher and Subscriber both):

All the "tomcat" certs on all the servers plus the "xmpp" cert on the CUPS.

One other issue with 3rd-party certs is that they expire and now you have that on your schedule.
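An added example, not part of the thread and not naderz's install script: one way a workstation install package could load the exported tomcat and xmpp certificates while trusting only files whose SHA-256 fingerprint matches a value recorded at export time, and flagging certificates that are close to expiry. The folder, file names, placeholder pins and the choice of the LocalMachine Root store are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Folder, file names, pins and the choice of store are assumptions.
param(
    [string]$CertDir  = "$PSScriptRoot\certs",  # exported tomcat/xmpp certs (PEM or DER)
    [int]   $WarnDays = 60                      # warn when a cert is this close to expiry
)

# SHA-256 of each certificate's DER bytes, recorded by the admin at export time.
# Placeholder values: replace with the fingerprints shown on each server.
$Pinned = @{
    'cucm-pub-tomcat.pem' = '<SHA256-HEX>'
    'cucm-sub-tomcat.pem' = '<SHA256-HEX>'
    'cuc-tomcat.pem'      = '<SHA256-HEX>'
    'cups-tomcat.pem'     = '<SHA256-HEX>'
    'cups-xmpp.pem'       = '<SHA256-HEX>'
}

$sha   = [System.Security.Cryptography.SHA256]::Create()
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open('ReadWrite')
try {
    foreach ($file in Get-ChildItem -Path $CertDir -File) {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        $fp   = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })

        # Trust only files whose fingerprint matches the pin for that file name.
        if ($Pinned[$file.Name] -ne $fp) {
            Write-Warning "$($file.Name): fingerprint $fp is not pinned, skipping"
            continue
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            Write-Warning "$($file.Name): expired $($cert.NotAfter), skipping"
            continue
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
            Write-Warning "$($file.Name): expires $($cert.NotAfter), plan the re-export"
        }
        # Idempotent: do nothing when the same certificate is already in the store.
        if ($store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false).Count -eq 0) {
            $store.Add($cert)
            Write-Output "$($file.Name): added ($($cert.Subject))"
        }
    }
}
finally {
    $store.Close()
    $sha.Dispose()
}
```

With the placeholder pins left in place the script adds nothing, which is the intended fail-closed behaviour until real fingerprints are filled in.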

adkaruza (Author) Commented:
Hi, Naderz,

Thank you for the suggestions.  I understand how that will address the internal workstations, but how did you handle certificate warnings on mobile devices, for instance, Jabber for Android?

Thanks,

Adam
naderz Commented:
Good point. We have a limited number (handful) of Android devices with Jabber and those are done manually when we install and configure the App for the user.

I agree that a 3rd party Cert will eliminate that problem. Depends on numbers you are dealing with. In this case you can use the same domain as your other devices and generate the CSRs from each server. Wildcard Certs (as far as I know) are not supported.
adkaruza (Author) Commented:
I'm sorry for the delay in getting back to you, naderz.  Thank you for your suggestions.
adkaruza (Author) Commented:
Thank you for your advice, naderz.  We eventually went with changing the server DNS names.