Cisco ASA 5505 Configuration Manual page 937


Chapter 42
Using the Cisco Unified Communication Wizard

Step 5
Click Next.

Note
See the Cisco Unified Presence server documentation for information on how to export the certificate for this server.

Configuring the Remote-Side Certificates for the Cisco Presence Federation Proxy

Establishing a trust relationship across enterprises or across administrative domains is key for federation.
Across enterprises, you must use a trusted third-party CA (such as VeriSign). The security appliance
obtains a certificate with the FQDN of the Cisco Unified Presence server (certificate impersonation).
For the TLS handshake, the two entities, namely the local entity and a remote entity, could validate the
peer certificate via a certificate chain to trusted third-party certificate authorities. The local entity and
the remote entity enroll with the CAs. The adaptive security appliance as the TLS proxy must be trusted
by both the local and remote entities. The security appliance is always associated with one of the
enterprises. Within that enterprise, the entity and the security appliance authenticate each other by using
a self-signed certificate.
To establish a trusted relationship between the security appliance and the remote entity, the security
appliance can enroll with the CA on behalf of the Cisco Unified Presence server for the local entity. In
the enrollment request, the local entity identity (domain name) is used.
To establish the trust relationship, the security appliance enrolls with the third party CA by using the
Cisco Unified Presence server FQDN as if the security appliance is the Cisco Unified Presence server.

Note
If the adaptive security appliance already has a signed identity certificate, you can skip Step 1 in this procedure and proceed directly to Step 2.

Step 1
In the ASA's Identity Certificate area, click Generate CSR. The CSR parameters dialog box appears.
For information about specifying additional parameters for the certificate signing request (CSR), see Generating a Certificate Signing Request (CSR) for a Unified Communications Proxy, page 42-18.
Information dialog boxes appear indicating that the wizard is delivering the settings to the adaptive security appliance and retrieving the certificate key pair information. The Identity Certificate Request dialog box appears.
For information about saving the CSR that was generated and submitting it to a CA, see Saving the Identity Certificate Request, page 42-19.

Step 2
Click Install ASA's Identity Certificate. See Installing the ASA Identity Certificate on the Presence Federation and Cisco Intercompany Media Engine Servers, page 42-21.

Step 3
Click Remote Server's CA's Certificate. The Install Certificate dialog box appears. Install the certificate. See Installing a Certificate, page 42-18.

Note
You must install a root CA certificate for each remote entity that communicates with the adaptive security appliance because different organizations might be using different CAs.

Configuring the Presence Federation Proxy by using the Unified Communication Wizard
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
42-9
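
For readers who manage the appliance from the CLI rather than ASDM, the following is an added example (not taken from the Cisco guide) of the trustpoint configuration that corresponds to Steps 1 through 3 of the remote-side certificate procedure. The trustpoint names, key label, key size and FQDN are constructed placeholders.

```text
! Added example. Constructed names: cup_proxy_key, cup_proxy,
! remote_ent_ca, cup.example.com. Replace them with your own values.
!
! Step 1: key pair and identity trustpoint. The ASA enrolls with the
! third-party CA using the Cisco Unified Presence server FQDN, as if
! it were that server.
crypto key generate rsa label cup_proxy_key modulus 2048
crypto ca trustpoint cup_proxy
 enrollment terminal
 fqdn cup.example.com
 subject-name CN=cup.example.com
 keypair cup_proxy_key
 exit
!
! Prints the PKCS#10 request to the terminal; submit it to the CA.
crypto ca enroll cup_proxy
!
! Step 2: install the issuing CA certificate, then the signed
! identity certificate returned by the CA (paste each when prompted).
crypto ca authenticate cup_proxy
crypto ca import cup_proxy certificate
!
! Step 3: one trustpoint per remote entity, holding that entity's
! root CA certificate. Repeat for every federated organization,
! because each may use a different CA.
crypto ca trustpoint remote_ent_ca
 enrollment terminal
 exit
crypto ca authenticate remote_ent_ca
!
! Check: confirm the subject, issuer and validity dates of what was
! installed before enabling the TLS proxy.
show crypto ca certificates cup_proxy
show crypto ca certificates remote_ent_ca
```

Review the fingerprint that `crypto ca authenticate` displays against a value obtained out of band from the CA before accepting it, since that certificate becomes the trust anchor for the remote entity.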
