Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
10
Helpful
2
Replies

CMS DNS

CGL
Level 1
Level 1

‎02-01-2021 12:22 AM

Hi all, 

 

I have some questions surrounding DNS for CMS in Resilient deployment using EW as https proxy. 

 

We plan to have our external DNS pointing towards the EW-E using DNS-A records for external access to meetings eg: DNS A: join.example.com > EW-E with certificate that matches with SAN:

CN: EW-1.vc.example.com (SIP domain)

SAN: join.example.com 

DNS configured with round robin for cluster.

 

The DNS records for the internal though I am a little confused, do we point the internal DNS at the CMS using the same above address for example:

Internal DNS A record: join.example.com > CMS round robin configuration 

 

Certificates

CN: cms1.vc.example.com

SAN: join.example.com 

Does this need to be a public certificate to overcome the browser error or a separate signed certificate trusted by internal users? 

 

This is a low level version but I am trying to understand how internal vs external people are processed in CMS?

 

Thanks for any advice offered. 

Labels:
0 Helpful
2 Replies 2

Shalid Kurunnan Chalil
Spotlight
Spotlight

‎02-01-2021 02:28 AM

Hi. 

To work the webRTC internally, you only need to certify with internal Private CA. 

you may find the following URL usefull. (https://cmslab.ciscolive.com/pod6/cms/initsetup ) I refer to this whenever I stuck with any doubts in my configurations. 

 

Regards

*** Rates the post if you find it useful 

Nithin Eluvathingal
VIP
VIP

‎02-01-2021 07:15 PM

Does this need to be a public certificate to overcome the browser error or a separate signed certificate trusted by internal users? 

 

Public CA issue certificates only  for public domain and not internal domain. So if you internal and external domain is different you need to use internal CA signed certificate. There are scenarios where internal and external domains are same in that case you can use public signed certificates internally. 

 

 

Some of your smart phone browsers  give warning about certificates when accessing the webrtc link internally and by accepting you an proceed.But what I remember is when using safari it won't allow you to open the page with a certificate warning on iPhone. 

 

 

 

 

 



Response Signature


Customers Also Viewed These Support Documents