07-05-2015 11:50 PM - edited 03-17-2019 05:19 PM
Dear all.
Hi I'm Yoong Huh.
I just tested i a CWMS MR5 system in my lab. And I find someting different result in Genereta CSR in security tap of CWMS administration page.
Here is snapshot of CWMS 2.5 with no update.
Meeting URL : meetingmr5.comtectest.com
Administration URL : supportmr5.comtectest.com
AdminVM: adminvmmr5.comtectest.com
Meeting URL is located in Common name.
And i think it is good.
Then i updated to 2.5 MR5
And Administration URL is located in Common name of Generate CSR page.
I think that CWMS working wrong way.
Regards.
Yoong Huh.
Solved! Go to Solution.
07-07-2015 04:54 PM
Hi Yoong Huh,
Yes, internal SSL cert has Administration URL for common name plus all other internal VM hostnames as part of the Subject Alternative Names, while external SSl cert has only WebEx Site URL as common name.
If you had SSL cert installed on 2.5 MR4 and earlier versions, after updating to 2.5 MR5 you won't need to do anything until those original SSL certs expire. Once these SSL certs expire, then you will need to obtain External SSL cert from Public Certification Authority for WebEx Site URL, and you can use self-signed SSL certs for internal VMs and Administration URL. You will have to distribute those internal self-signed SSL certs to your internal end users so these self-signed SSL certs are trusted by their browsers.
I hope this helps.
-Dejan
07-06-2015 05:13 AM
Hi Yoong Huh,
CWSM 2.5 MR5 introduces a new feature which splits internal and external SSL certs. In CWMS 2.5 MR5 now you have the option to use self-signed SSL certs for your internal CWMS VMs (and propagate those free self-signed SSL certs to your internal end user community for secure access to CWMS) while using a publicly signed SSL cert for your WebEx Site URL. That way, you can have your internal VMs' hostnames using .local or .internal domains, while only your WebEx Site URL using publicly resolvable hostnames. That way, you can obtain the publicly signed SSL cert just for your WebEx Site URL (which is much cheaper than getting a SAN SSL cert for all your internal VMs as well).
I hope this clarifies it a little bit.
-Dejan
P.S. Please take a look at Split Certificate feature description in Release Notes, as well as the documentation Configuration Guide for more details.
07-07-2015 04:49 PM
Hi Dejan.
Thanks for your reply.
Is that mean the internal SSL cert has Administration URL for common name, and External cert has Site URL for common name ?
New version features, am i right?
And it means External cert is optional, and i think internal Cert is same to previous version cert(~ 2.5MR4).
If it's right, i think, when customer rehost the CWMS and upgarde to MR2.5, customer have to reissue the Cert for changed common name (Site URL -> Administration URL)
Best Regards.
Yoong Huh.
07-07-2015 04:54 PM
Hi Yoong Huh,
Yes, internal SSL cert has Administration URL for common name plus all other internal VM hostnames as part of the Subject Alternative Names, while external SSl cert has only WebEx Site URL as common name.
If you had SSL cert installed on 2.5 MR4 and earlier versions, after updating to 2.5 MR5 you won't need to do anything until those original SSL certs expire. Once these SSL certs expire, then you will need to obtain External SSL cert from Public Certification Authority for WebEx Site URL, and you can use self-signed SSL certs for internal VMs and Administration URL. You will have to distribute those internal self-signed SSL certs to your internal end users so these self-signed SSL certs are trusted by their browsers.
I hope this helps.
-Dejan
07-07-2015 05:19 PM
Hi Dejan.
Thanks for reply.
I understand about MR5 split cert.
Thanks
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide