07-20-2017 02:39 AM - edited 03-18-2019 01:19 PM
I'm preparing to create a CMS cluster with 3 db servers.
I'm a bit confused by what I find in the available doc:
In the document: Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments:
chapter: CSR for database clustering, page 20:
1. Create a private key and Certificate Request File for the database server. You can use the
same certificate on all of the servers in the database cluster; specify the FQDN of one of the
servers in the CN field and specify the FQDN of the other servers in the SAN field.
2. Create a private key and Certificate Request File for the database client. The CommonName
(CN) for a database client must equal ‘postgres’.
In the document: 210530 - Configure Cisco Meeting Server Call Bridge Database Clustering
chapter: Part 1. Certificate Creation, page 2:
a. For the databasecluster client certificate:
pki csr databasecluster CN:<domainname>
For example: pki csr databasecluster CN:vngtpres.aca
b. For the databasecluster server certificate:
pki csr databaseclusterserver CN:postgres
I suppose the offical doc "Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments" is the correct one?
Solved! Go to Solution.
07-20-2017 03:20 AM
Hi,
In my lab, I created certificates with following the Certificate Guidelines and now working fine.
Regards,
Yusuke
07-20-2017 04:01 AM
Yes it seems like typo.
anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".
07-20-2017 03:20 AM
Hi,
In my lab, I created certificates with following the Certificate Guidelines and now working fine.
Regards,
Yusuke
07-20-2017 03:35 AM
Hi
both the documents are same, the guide give you details prospective of the command and the document: 210530 is more of a short version of the doc.
The command is pki csr <NAME> CN:<domainname>
this will create a csr file name <NAME>.csr and csr private key <NAME>.key
The name field is creating most of the confusion.
Regards,
Prasad Paradkar
Please rate if you agree
07-20-2017 03:54 AM
I do not agree - the dbserver and dbclient are reversed in both documents...
Confusing.
07-20-2017 04:01 AM
Yes it seems like typo.
anyways we should use the Cisco Meeting Server Release 2.2 - Certificate Guidelines for Scalable and Resilient Server Deployments"".
07-31-2017 01:16 AM
finally ,,i got it working with our internal CA generating the CER / PEM file ,,,
by using the externel CA like digicert ,,,they append the domain name to SAN field like example: postgres.example.com
,,,,so i had to go for internal CA...
01-19-2018 12:35 PM
Hi all,
When I try to upload the Root/Intermediate to the DB server I get permissions denied, Error Code 3. I was able to copy the db server/client signed cert after I changed the cert filename to match the filename on respective csr.
Am I missing something?
Thankyou.
Regards
Sriram
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: