SSL Configuration on two MeetingPlace Application servers in failover mode

Igor Lukic · ‎06-19-2012

Hi community,

I will need to configure SSL on two Cisco Unified MeetingPlace Application (Release 8.5.4) servers running in failover mode. Will it be sufficient to generate the CSR on the active node, then obtain the certificate from the CA and upload the certificate on the active node?

Or do I have to go through the process two times, i.e. for each server? (configuring SSL on node 1 (active), then performing manual switchover to node 2 and configure SSL there)

I am looking forward to hearing from you!

Kind regards,

Igor Lukic

Edward Moran · ‎06-25-2012

I found a note in the restrictions documentation:
(I know the document states MP7.1, but the same applies for MP8.5)
http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/a
dministration/failover_application_server_config.html#wp1056692

If you are using SSL on your system, you must manually transfer all
files in the following directories from the active server to the standby
server:

-/usr/local/enrollment (for Application Server SSL and single sign-on
authentication for users who schedule meetings from Microsoft Outlook)

-/opt/cisco/meetingplace/web/current/etc/conf/ (for Cisco WebEx
integration)

Copy the files by using the failoverUtil copyConfigFiles command and
restore files by using the failoverUtil restoreConfigFiles command.

 
This means, after you have your certificates, you would need to upload
the new certificate & private key to the primary server to enable
SSL(services will re-start) then copy the contents of the
files noted above to the standby server. This way, when/if you failover
the new SSL information will be used.