Step 1
| Generate a private key. |
Step 2
| Generate a certificate signing request (CSR). |
Step 3
| Have a certificate authority sign the CSR. |
Step 4
| Make sure the extension of the signed certificate is .cer or .crt and provide it to the WebEx team. |
Step 5
| Convert the signed certificate and private key into a PKCS#12 formatted file. |
Step 6
| Upload the converted certificate and private key to TMS. |
Step 7
| In Windows, open a command prompt. |
Step 8
| Navigate to the openssl\bin installation directory. |
Step 9
| Generate a private key using following command: openssl genrsa -out tms-privatekey.pem 2048. |
Step 10
| Generate a certificate signing request (CSR) using the private key above: openssl req -new -key tms-privatekey.pem -config openssl.cfg -out tms-certcsr.pem. |
Step 11
| Enter the data requested, including:- Country
- State or province
- Organization name
- Organization unit
- Common name (this is the Cisco TMS FQDN)
- (Optional) Email address, password, company name
|
Step 12
| Send the Cisco TMS certificate signing request file tms-certcsr.pem to be signed by a trusted certificate authority (CA) or self sign a certificate signing request using OpenSSL or Windows CA. For details on how to submit a certificate request to a trusted certificate authority, contact that certificate authority. |
Step 13
| Self-sign the certificate using either OpenSSL or Windows CA: - To self-sign a certificate signing request using OpenSSL, use the following command. tms-certcsr.pem is your certificate signing request in PEM format. tms-privatekey.pem is your private key in PEM format. days is the number of days you'd like the certificate to be valid. openssl x509 -req -days 360 -in tms-certcsr.pem -signkey tms-privatekey.pem -out tms-cert.pem The resulting tms-cert.pem is your self-signed certificate.
- To self-sign a certificate signing request using Windows CA, use Windows Certificate Manager Snap-in. For details on how to submit a certificate request using Windows Certificate Manager Snap-in, refer to the documentation for Windows Certificate Manager Snap-in.
|
Step 14
| When your certificate authority has signed your certificate request, they send a signed certificate to you, You should receive the signed certificate tms-cert.der back from the CA. |
Step 15
| If the certificate is in an email or web page and not in its own file, open the file and copy its contents starting with the -----BEGIN CERTIFICATE----- line and through the -----END CERTIFICATE----- line. Save the contents to a text file and name the file tms-cert.der. |
Step 16
| (Skip this step if certificate is in .pem format) Convert the signed certificate from .der to .pem using the following OpenSSL command: openssl x509 -inform der -in tms-cert.cer -out tms-cert.pem |
Step 17
| Change the extension to .cer or .crt and provide this signed certificate to the WebEx Cloud Services team. |
Step 18
| Combine the signed certificate .pem with the private key created in step 3 using the following OpenSSL command: openssl pkcs12 -export -inkey tms-privatekey.pem -in tms-cert.pem -out tms-cert-key.p12 -name tms-cert-key. You should now have a Cisco TMS certificate that contains the private key for SSO configuration to upload to Cisco TMSNote
| Before uploading this certificate to TMS, you must enable partner delegated authentication on your WebEx site. For more information, refer to Enabling Partner Delegated Authentication on the WebEx site in the next section. After enabling delegated authentication, use the combined certificate and private key you generated in step 10 above to upload to Cisco TMS in step 4 of Enabling SSO in to complete the SSO configuration.
|
|