This document describes how to generate Certificate Signing Request (CSR) and upload signed certificates to Cisco Meeting Server (CMS).
Cisco recommends that you have knowledge of these topics:
Basic knowledge of CMS Server
Putty or similar software
This document is not restricted to specific software and hardware versions.
Note: This procedure applies for all CMS versions from 2.0 to 2.6.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Generate the CSR
There are two ways you can generate CSR, one of those is to generate the CSR directly on CMS server from Command Line Inrterface (CLI) with admin access, the other is to do it with externall 3rd party Certificate Authority (CA) such as Open SSL.
In both cases the CSR has to be generated with correct sintax for CMS services to work properly.
<key/cert basename> is a string that identifies the new key and CSR name. It can contain alphanumeric, hyphen or underscore characters. This is a mandatory field.
<CN:value> is the Common Name. This is the Fully Qualified Domain Name (FQDN) that specifies the server’s exact location in the Domain Name System (DNS). This is a mandatory field.
[OU:<value>] is the Organizational Unit or Department Name. For example, Support, IT, Engineer, Finance. This is an optional field.
[O:<value>] is the Organization or Business name. Usually the legal incorporated name of a company. This is an optional field.
[ST:<value>] is the Province, Region, County or State. For example, Buckinghamshire California. This is an optional field.
[C:<value>] is the Country. The two-letter International Organization for Standardization (ISO) code for the country where your organization is located. For example, US, GB, FR. This is an optional field.
[subjectAltName:<value>] is the Subject Alternative Name (SAN). From X509 Version 3 (RFC 2459), Secure Socket Layers (SSL) certificates are allowed to specify multiple names that the certificate must match. This field enables the generated certificate to cover multiple domains. It can contain IP addresses, domain names, email addresses, regular DNS host names, etc, separated by commas. If it is specified, you must also include the CN in this list. Although this is an optional field, the SAN field must be completed in order for Extensible Messaging and Presence Protocol (XMPP) clients to accept a certificate, otherwise the XMPP clients display a certificate error.
Step 2. Generate callbridge, xmpp, webadmin and webbridge CSR.
Access the CMS CLI with Putty and Log in with admin accont.
Run the next commands in order to create CSR for every service needed on CMS.