Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
5
Helpful
2
Replies

CWMS 2.5 Certificate questions

Go to solution
SHANE MOORCROFT
Level 1
Level 1

‎05-28-2015 10:22 PM - edited ‎03-17-2019 05:13 PM

Hi 

 

I have a CWMS 2.5 system deployed with HA, split horizon and public access. I am going through the process of purchasing the Public Certificates required. Generating a wild card cert is not an option in my environment which leaves me with generating the CSR with SAN for the internal servers. 

I have some questions I was hoping someone may be able to answer:

  • If the CSR was generated externally from CWMS could I choose what SAN's to include in the certificate? for example leave out the admin URL.
  • Do all the SAN's auto populated in the CWMS generation wizard have to be included?
  • Once I have the certs and create the cert bundle file to upload, does the cert file get uploaded to all 6 servers in the environment or does it get uploaded to only the admin and IRP servers?

 

Appreciate any assistance

 

regards

Shane

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎05-29-2015 04:44 AM

HI Shane,

 

Let me answer your questions below:

  • If the CSR was generated externally from CWMS could I choose what SAN's to include in the certificate? for example leave out the admin URL. If you do that, you won't be able to install a SSL cert obtained based on such CSR. SSL cert must include all internal VMs' hostnames as well as Admin URL and WebEx Site URL.
  • Do all the SAN's auto populated in the CWMS generation wizard have to be included? Yes.
  • Once I have the certs and create the cert bundle file to upload, does the cert file get uploaded to all 6 servers in the environment or does it get uploaded to only the admin and IRP servers? It gets uploaded to all the servers. Admin VM distributes the SSL cert to all the VMs.

Let me know if you have any more questions.

Kind regards,

-Dejan

View solution in original post

2 Replies 2

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎05-29-2015 04:44 AM

HI Shane,

 

Let me answer your questions below:

  • If the CSR was generated externally from CWMS could I choose what SAN's to include in the certificate? for example leave out the admin URL. If you do that, you won't be able to install a SSL cert obtained based on such CSR. SSL cert must include all internal VMs' hostnames as well as Admin URL and WebEx Site URL.
  • Do all the SAN's auto populated in the CWMS generation wizard have to be included? Yes.
  • Once I have the certs and create the cert bundle file to upload, does the cert file get uploaded to all 6 servers in the environment or does it get uploaded to only the admin and IRP servers? It gets uploaded to all the servers. Admin VM distributes the SSL cert to all the VMs.

Let me know if you have any more questions.

Kind regards,

-Dejan

Go to solution
SHANE MOORCROFT
Level 1
Level 1
In response to dpetrovi

‎06-01-2015 03:53 PM

Hi Dejan

 

Thanks for answering my questions. Much appreciated.

 

regards

Shane

 

0 Helpful
Customers Also Viewed These Support Documents