I noticed that the certificate requirement part of a Cisco Meeting Server implementation is not detailed enough in many documents and videos. Understanding this part of the certificate requirement is mandatory to set up the Cisco Meeting Server and configure services such as webadmin, webbridge and callbridge. In this article I detail as much as possible how to prepare the certificates, how to deal with certificate fields such as the Common Name and Subject Alternative Name, how to build the chain certificate, and how to enable the CMS services. See below for a detailed explanation.
Certificate Preparation for Cisco Meeting Server
Certificate configuration is required for the Call Bridge, XMPP, Web Bridge and Web Admin services. Certificates should be signed by internal or external certificate authorities.
To generate a Certificate Signing Request (CSR) and private key locally, the following command is used; I gave it the name cmscert.
To retrieve the CSR, log in to HQ-CMS using WinSCP.
Access the CA server 10.1.6.27.
Start the Certification Authority console and select CertificateTemplate. Right-click the CertificateTemplate and select Manage.
Duplicate the Web Server template and configure the duplicate template to allow server and client authentication.
On the Certificate Console, issue a new certificate template named CMS.
Click Download a CA certificate, certificate chain, or CRL.
Select Base 64, then click Download CA certificate and name it Root-CA.
Below is the CA's certificate.
Now that the CA's certificate and the subordinate CA's certificate with the Common Name collab.com are ready, we can create a chain certificate.
To create a chain certificate, use a plain text editor such as Notepad. All of the characters, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags, need to be inserted into the document. There should be no space between the certificates, for example no spaces or extra lines between -----END CERTIFICATE----- of certificate 1 and -----BEGIN CERTIFICATE----- of certificate 2. Certificate 1 will end with -----END CERTIFICATE----- and the very next line will have -----BEGIN CERTIFICATE----- for certificate 2. At the end of the file there should be 1 extra line. Save the file with an extension of .pem, .cer, or .crt.
Edit the certificate named adcert created previously with Notepad.
Edit the Root-CA certificate with Notepad.
Paste the adcert certificate first and then paste the Root-CA certificate at the end, and save the file with a .cer extension. Name it CA-Chain.cer.
Below is the chain certificate named CA-Chain.
A chain certificate is also required for Webbridge3 in version 3.
Edit the certificate named cmscert created previously with Notepad.
Edit the CA-Chain certificate created previously with Notepad.
Paste the cmscert certificate first and then paste the CA-Chain certificate at the end, and save the file with a .cer extension. Name it CMS-Chain.cer.
Below is the chain certificate named CMS-Chain.
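The two chain files described above (CA-Chain and CMS-Chain) can also be assembled and checked with a script instead of by hand in Notepad. The following Python is an added example, not part of the original article or of Cisco's tooling: the function names are hypothetical, the sample certificates are constructed placeholders rather than real X.509 data, and "1 extra line" is assumed to mean a single newline after the last END tag. It checks formatting only, not signatures or issuer order.

```python
import base64
import re

# One PEM block: BEGIN tag, base64 body, END tag, using ASCII hyphens only.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n([A-Za-z0-9+/=\n]+?)\n-----END CERTIFICATE-----")

def _unix(text):
    """Normalise Windows/Mac line endings so the checks see plain \\n."""
    return text.replace("\r\n", "\n").replace("\r", "\n")

def build_chain(*pem_texts):
    """Join certificates in the order given: END of one block is followed
    directly by BEGIN of the next, and the file ends with one newline."""
    blocks = []
    for text in pem_texts:
        found = [m.group(0) for m in PEM_BLOCK.finditer(_unix(text))]
        if not found:
            raise ValueError("input contains no PEM certificate block")
        blocks.extend(found)
    return "\n".join(blocks) + "\n"

def check_chain(text):
    """Return the formatting problems in a chain file (empty list if none)."""
    text, problems = _unix(text), []
    if re.search("[\u2010-\u2015]", text):  # dashes mangled by copy/paste
        problems.append("typographic dash in a BEGIN/END tag")
    matches = list(PEM_BLOCK.finditer(text))
    if not matches:
        problems.append("no certificate block found")
    for n, m in enumerate(matches, 1):
        try:
            base64.b64decode(m.group(1).replace("\n", ""), validate=True)
        except ValueError:
            problems.append(f"certificate {n} body is not valid base64")
    if PEM_BLOCK.sub("", text).strip():
        problems.append("text outside the certificate blocks")
    if any(not line.strip() for line in text.rstrip("\n").split("\n")):
        problems.append("blank line or space-only line inside the file")
    if not text.endswith("\n") or text.endswith("\n\n"):
        problems.append("file must end with exactly one newline")
    return problems

def sample_cert(label):
    """Constructed stand-in (base64 of a label), not a real X.509 certificate."""
    body = base64.b64encode((label * 4).encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    ca_chain = build_chain(sample_cert("adcert"), sample_cert("Root-CA"))
    cms_chain = build_chain(sample_cert("cmscert"), ca_chain)
    print(check_chain(cms_chain))
```

With real files, read adcert, Root-CA and cmscert from disk, pass their text to build_chain in the same order as the manual steps, and run check_chain on the result before copying it to the server.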
Copy the three certificates cmscert, CA-Chain and CMS-Chain to hq-cms using WinSCP.
You can use the pki list command to verify that the three certificates are present.
Enabling the Web Admin Service
By default, Web Admin listens on HTTPS port 443. However, we will enable the Web Bridge for conference users, and that service will be available on the default HTTPS port 443. To allow both services to co-exist, we will configure Web Admin to listen on port 445.
On HQ-CMS, specify the interface and HTTPS port 445 for the web interface.
For the certificate to be used, specify the certificate cmscert created previously with the relevant key.
Finally, activate the web admin service.
Configure callbridge on HQ-CMS to listen on interface a.
Specify the certificate cmscert created previously with the relevant key.
Restart the callbridge.
Verify the callbridge on both HQ-CMS.
Webbridge 3 Configuration
From the HQ-CMS CLI, enter the following commands.