07-20-2017 02:39 AM - edited 03-18-2019 01:19 PM
I'm preparing to create a CMS cluster with 3 db servers.
I'm a bit confused by what I find in the available doc:
In the document: Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments:
chapter: CSR for database clustering, page 20:
1. Create a private key and Certificate Request File for the database server. You can use the
same certificate on all of the servers in the database cluster; specify the FQDN of one of the
servers in the CN field and specify the FQDN of the other servers in the SAN field.
2. Create a private key and Certificate Request File for the database client. The CommonName
(CN) for a database client must equal ‘postgres’.
In the document: 210530 - Configure Cisco Meeting Server Call Bridge Database Clustering
chapter: Part 1. Certificate Creation, page 2:
a. For the databasecluster client certificate:
pki csr databasecluster CN:<domainname>
For example: pki csr databasecluster CN:vngtpres.aca
b. For the databasecluster server certificate:
pki csr databaseclusterserver CN:postgres
I suppose the offical doc "Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments" is the correct one?
Solved! Go to Solution.
07-20-2017 03:20 AM
Hi,
In my lab, I created certificates with following the Certificate Guidelines and now working fine.
Regards,
Yusuke
07-20-2017 04:01 AM
Yes it seems like typo.
anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".
07-20-2017 03:20 AM
Hi,
In my lab, I created certificates with following the Certificate Guidelines and now working fine.
Regards,
Yusuke
07-20-2017 03:35 AM
Hi
both the documents are same, the guide give you details prospective of the command and the document: 210530 is more of a short version of the doc.
The command is pki csr <NAME> CN:<domainname>
this will create a csr file name <NAME>.csr and csr private key <NAME>.key
The name field is creating most of the confusion.
Regards,
Prasad Paradkar
Please rate if you agree
07-20-2017 03:54 AM
I do not agree - the dbserver and dbclient are reversed in both documents...
Confusing.
07-20-2017 04:01 AM
Yes it seems like typo.
anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".
07-31-2017 01:16 AM
finally ,,i got it working with our internal CA generating the CER / PEM file ,,,
by using the externel CA like digicert ,,,they append the domain name to SAN field like example: postgres.example.com
,,,,so i had to go for internal CA...
01-19-2018 12:35 PM
Hi all,
When I try to upload the Root/Intermediate to the DB server I get permissions denied, Error Code 3. I was able to copy the db server/client signed cert after I changed the cert filename to match the filename on respective csr.
Am I missing something?
Thankyou.
Regards
Sriram
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide