Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2450
Views
0
Helpful
6
Replies

CMS Callbridge Cluster - dbcluster certificates

Go to solution
gfolens
Level 4
Level 4

‎07-20-2017 02:39 AM - edited ‎03-18-2019 01:19 PM

I'm preparing to create a CMS cluster with 3 db servers.

I'm a bit confused by what I find in the available doc:

In the document:  Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments:

chapter: CSR for database clustering, page 20:

1. Create a private key and Certificate Request File for the database server. You can use the
same certificate on all of the servers in the database cluster; specify the FQDN of one of the
servers in the CN field and specify the FQDN of the other servers in the SAN field.

2. Create a private key and Certificate Request File for the database client. The CommonName
(CN) for a database client must equal ‘postgres’.

In the document: 210530 - Configure Cisco Meeting Server Call Bridge Database Clustering

chapter: Part 1. Certificate Creation, page 2:

a. For the databasecluster client certificate:
pki csr databasecluster CN:<domainname>
For example: pki csr databasecluster CN:vngtpres.aca
b. For the databasecluster server certificate:
pki csr databaseclusterserver CN:postgres

I suppose the offical doc "Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments" is the correct one?

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Yusuke Yoshinaga
Cisco Employee
Cisco Employee

‎07-20-2017 03:20 AM

Hi,

In my lab, I created certificates with following the Certificate Guidelines and now working fine.

Regards,

Yusuke

View solution in original post

0 Helpful

Go to solution
Prasad Paradkar
Level 1
Level 1
In response to gfolens

‎07-20-2017 04:01 AM

Yes it seems like typo.

anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Yusuke Yoshinaga
Cisco Employee
Cisco Employee

‎07-20-2017 03:20 AM

Hi,

In my lab, I created certificates with following the Certificate Guidelines and now working fine.

Regards,

Yusuke

0 Helpful

Go to solution
Prasad Paradkar
Level 1
Level 1

‎07-20-2017 03:35 AM

Hi 

both the documents are same, the guide give you details prospective of the command and the  document: 210530 is more of a short version of the doc.

The command is pki csr <NAME> CN:<domainname>

this will create a csr file name <NAME>.csr and csr private key <NAME>.key

The name field is creating most of the confusion.

Regards,

Prasad Paradkar

Please rate if you agree 

0 Helpful

Go to solution
gfolens
Level 4
Level 4
In response to Prasad Paradkar

‎07-20-2017 03:54 AM

I do not agree - the dbserver and dbclient are reversed in both documents...

Confusing.

0 Helpful

Go to solution
Prasad Paradkar
Level 1
Level 1
In response to gfolens

‎07-20-2017 04:01 AM

Yes it seems like typo.

anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".

0 Helpful

Go to solution
maqsood ahmed
Level 1
Level 1
In response to Prasad Paradkar

‎07-31-2017 01:16 AM

finally ,,i got it working with  our internal CA  generating the CER / PEM file ,,,

by using the externel CA  like digicert ,,,they append the domain name to SAN field  like example:  postgres.example.com

,,,,so i had to go for internal CA...

0 Helpful

Go to solution
srirgopa
Level 1
Level 1
In response to maqsood ahmed

‎01-19-2018 12:35 PM

Hi all,

 

When I try to upload the Root/Intermediate to the DB server I get permissions denied, Error Code 3. I was able to copy the db server/client signed cert after I changed the cert filename to match the filename on respective csr.

 

Am I missing something?

 

Thankyou.

Regards

Sriram

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents