
CMS CLARIFICATION

Siva chinap
Level 5

In our existing system we have MCU, TCS 5.5, VCS-C and C20 & SX20 endpoints. Now we want to replace MCU with CMS. Since it's my first deployment, I need a few clarifications on this:

1) I need to create a Zone between CUCM and CMS, is it right?

2) Create a Rendezvous escalation between VCS and CMS?

3) I need to know how the recording is happening in the TCS server in the existing setup?

4) In the new setup, do I need to configure anything for CMS on recording?

5) I am planning to use the default certificate?

6) The customer doesn't have AD; will it be an issue?

7) How to configure Meeting App with local user configuring CMS?


Thanks Prasad,

We are using it internally. As I mentioned to you earlier, we don't have a Microsoft certificate authority on premises. So can we use a self-signed certificate?

So to make the app work you need to have XMPP server and Call Bridge.

The self-signed certificate is only recommended in the LAB environment and not in production.

But if you still want to go ahead with this you can only use this for call-bridge and not for XMPP.

[As per Cisco, the self-signed certificates can be used for Web Admin, for trunk/Load Balancer, and mutual authentication between the Call Bridge and Web Bridge. I have only used this for Call Bridge and Web Bridge integration in our lab.]

I will be happy if you can generate a self-signed certificate for the XMPP, but I am not sure how you are going to mention the CN and all. If you are able to generate the same, do let me know the procedure for my understanding.

Below is the configuration made for my on-premises CMS 1000:

pki selfsigned webadmin

webadmin certs webadmin.key webadmin.crt
webadmin listen a 443

webadmin restart

webadmin enable

webadmin disable

webadmin listen a 445

webadmin enable

--------------------------------------------

pki selfsigned callbridge

callbridge certs callbridge.key callbridge.crt

callbridge listen a------------>WHAT PORT NEEDS to GIVE?

callbridge restart

---------------------------------

xmpp listen a b----------->WHAT PORT NEEDS to GIVE?

------------------------

Do I need a signed certificate for all services?

Your Web Bridge for WebRTC will work with a self-signed certificate, but for Cisco Meeting App you need to have at minimum an internally signed certificate or a CA-signed certificate.

I will recommend having signalling traffic on one interface and media traffic on another.

So Web Bridge and XMPP are for signalling, so have them on interface b.

And Call Bridge will be handling the media traffic, so have it on interface a.

Dear Prasad,

I created Pki csr commoncore CN:mil.ae SubjectAltName:cms.mil.ae

I am going to use same commoncore certificate for following services.

b. Web Bridge
c. XMPP
d. Web Admin

I have seen in the document that we need to use a separate certificate for Call Bridge?

Will it work if i use common certificate?

Will check and update in some time.

Dear Prasad,

I installed the Microsoft Certificate server and reconfigured all the services. Please find the configuration below:

Webadmin:
CMS-JCSC> webadmin
Enabled : true
TLS listening interface : a
TLS listening port : 443
Key file : commoncore1.key
Certificate file : commoncore1.cer
CA Bundle file : CA.cer
HTTP redirect : Enabled
STATUS : webadmin running
-----------------------------------------------------------------

Webbridge:


CMS-JCSC> webbridge
Enabled : true
Interface whitelist : b:443
Key file : commoncore1.key
Certificate file : commoncore1.cer
CA Bundle file : CA.cer
Trust bundle : commoncore.cer
HTTP redirect : Disabled
Clickonce URL : none
MSI download URL : none
DMG download URL : none
iOS download URL : none

------------------------------------------------------

CMS-JCSC> callbridge
Listening interfaces : a
Preferred interface : none
Key file : commoncore1.key
Certificate file : commoncore1.cer
Address : none
CA Bundle file : CA.cer

-----------------------------------------------

CMS-JCSC> xmpp
Enabled : true
Clustered : false
Domain : jcsc.dir
Listening interfaces : a
Key file : commoncore1.key
Certificate file : commoncore1.cer
CA Bundle file : CA.cer
Max sessions per user : unlimited
STATUS : XMPP server running
-------------------------------------------------

CMS-JCSC> xmpp callbridge add cms
Success             : true
Callbridge : cms
Domain     : jcsc.dir
Secret     : 4oVThSxMlJgxfvrRAb1
------------------------------------------------------------------------
Check the status and verify all the configuration was correct. Do I need any API for integrating LDAP?
A few more issues I am facing:
1) I added CMS into TMS; when I try to schedule the conference it was not working?
2) We have a TCS server. In the earlier MCU we have an E.164 number configured as an endpoint. During a conference we add a recording number, and TCS will start recording the conference. "How can I achieve this through TMS?"

Hi Siva,

Please refer below discussion for recording.

https://supportforums.cisco.com/discussion/11523701/scheduling-recorded-conference-tms

I will still suggest to use a recording server solution of CMS.

Dear Prasad,

Recording we keep as it is; there is no change. In reference to the above configuration, do I require any additional configuration for Meeting App internally?

This seems to be fine. If you have any query or issue, do let me know so we can work on it.

Sure Prasad. Currently I am doing a workaround for recording. Soon I will post the updates.

  •       Configure the webbridge listen interface

webbridge listen <interface name> <a>

The Web Bridge can listen on multiple interfaces, e.g. one on public IP and one on the internal network. (However, it cannot listen on more than one port on the same interface.) The following is an example where interfaces are set to interface A and B, both using port 443:

webbridge listen a:443 b:443

In your case you can use one interface to listen on internal traffic.

  •      Create DNS A record for the Web Bridge and set it to resolve to the IP address of the Ethernet interface you want the Web Bridge to listen on.
  •       Create selfsigned certificate and private key
  •        Add the call bridge certificate to the webbridge trust store.

 

To add the Call Bridge certificate to the Web Bridge trust store:

  •       Check which certificate the Call Bridge is using by issuing the callbridge command
  •       Disable the Web Bridge
  •       Add the Call Bridge certificate to the trust store using the command:

webbridge trust <callbridgecert|cert-bundle> <callbridge cert>

 

cms>webbridge disable

cms>webbridge trust callbridge.crt

cms>webbridge enable

SUCCESS: Key and certificate pair match

SUCCESS: webbridge enabled

  •       Re-enable the Web Bridge
  •        To verify that the Web Bridge has the Call Bridge certificate in its trust store: cms>webbridge

Enabled                 : true

Interface whitelist     : a:443

Key file                : webbridge.key

Certificate file        : webbridge.crt

Trust bundle            : callbridge.crt

HTTP redirect           : Enabled

If you only want to use the browser, you don't have to use the redirect command to download the app.

  •      Enable the Web Bridge with the following command: webbridge enable
  •       Now check the Web Bridge settings configuration in the guide for GUI settings to link the Call Bridge to WebRTC. (page 73, webbridge settings)

 

https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscoMeetingServer/Deployment_Guide/Version-2-2/Cisco-Meeting-Server-2-2-Single-Combined-Server-Deployment.pdf
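
The two conditions the procedure above depends on (the "Key and certificate pair match" result, and the Call Bridge certificate actually being inside the Web Bridge trust bundle) can be checked on a workstation with openssl before the files are uploaded; this is an added example, not part of the original posts and not Cisco tooling. File names follow the thread, the certificates are constructed throwaway test data, and the helper function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. File names follow the thread; the certificates are
# constructed test data generated locally with openssl.

# make_pair DIR NAME: self-signed NAME.key / NAME.crt (constructed sample).
make_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2.example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# pair_matches KEY CERT: true when CERT carries the public key of KEY.
pair_matches() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# bundle_fingerprints BUNDLE: SHA-256 fingerprint of each PEM cert in BUNDLE.
bundle_fingerprints() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = "" }
       { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ {
         cmd = "openssl x509 -noout -fingerprint -sha256"
         printf "%s", buf | cmd; close(cmd)
       }' "$1"
}

# trust_bundle_has BUNDLE CERT: true when CERT itself is inside BUNDLE.
trust_bundle_has() {
  local want
  want=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
  bundle_fingerprints "$1" | grep -qxF "$want"
}

work=$(mktemp -d)
make_pair "$work" callbridge
make_pair "$work" webbridge
# The file that would be handed to `webbridge trust`.
cat "$work/callbridge.crt" > "$work/trust.crt"

pair_matches "$work/webbridge.key" "$work/webbridge.crt" && echo "webbridge pair: match"
pair_matches "$work/webbridge.key" "$work/callbridge.crt" || echo "mixed pair: MISMATCH"
trust_bundle_has "$work/trust.crt" "$work/callbridge.crt" && echo "trust bundle holds callbridge.crt"
trust_bundle_has "$work/trust.crt" "$work/webbridge.crt" || echo "webbridge.crt is not in the trust bundle"
```

Comparing by fingerprint rather than by file name also settles cases like the earlier output in this thread, where the Web Bridge trust bundle is commoncore.cer and the Call Bridge certificate is commoncore1.cer.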

Dear Prasad,

Thanks lot,

I configured Webbridge, but in the CMS GUI: guest account: https://join.jcsc.dir, Guest account JID domain: Jcsc.dir, and required parameters allowed. My question: do I need to create an A record resolving to the CMS IP for guest account: https://join.jcsc.dir?

The URL should resolve the CMS IP.

Is WebRTC working, or are you getting any error message?

Dear Prasad,

Can you advise me with reference to the above configuration? I need to enable WebRTC.