- About CMR Hybrid
- Planning
- Deployment Options
- Requirements
- Set Up the Solution Components
- Connect Cisco TelePresence Conductor to Call Control
- Configure Bridge Scheduling
- Configure Cisco MCU and TelePresence Server
- Configure Call Control
- Configure Certificates on Cisco Expressway-E and Cisco VCS Expressway
- Configure Cisco TelePresence Management Suite
- Configure Cisco TelePresence Management Suite Extension for Microsoft Exchange
- Configure TelePresence Management Suite Provisioning Extension
- Configure Audio
- Integrate Cisco TelePresence with a Cisco WebEx Site Administration Account
- Manage CMR Hybrid Meetings
- Troubleshoot CMR Hybrid
- Add Cisco Unified Communications Manager Normalization Scripts
- Migration Paths
- Set Up Cascading for Large-Scale or Critical Meetings
- Index
- Prerequisites
- Configuring the Cisco WebEx Feature in Cisco TMS
- Configuring WebEx Users in Cisco TMS
- Configuring Port Reservations for MCU and TelePresence Server in Cisco TMS
- Configuring Hybrid Content Mode for MCU in Cisco TMS
- Configuring Lobby Screen in Cisco TMS
- Configuring Conference Settings in Cisco TMS
- Configuring Single Sign On in Cisco TMS
- Prerequisites
- Configuring SSO in Cisco TMS
- Generating a Certificate for WebEx
- Enabling Partner Delegated Authentication on the WebEx Site
- Enabling SSO in Cisco TMS
- Supported Configurations for Scheduling on Behalf of the WebEx Host
- Guidelines for Renewing Your PDA/SSO
Configure Cisco TelePresence Management Suite
Prerequisites
-
Cisco TMS software release 14.6 is required (15.0 is recommended).
-
Cisco TMSXE software release 4.1 or later is required (5.0 is recommended), if using Microsoft Outlook to schedule meetings.
There are two options for scheduling using Microsoft Outlook:
-
Cisco TMSPE software release 1.4 or later is required (1.5 is recommended), if using Smart Scheduler to schedule meetings
-
MCU calls to WebEx support SIP only. The following settings must be configured for SIP:
-
In Cisco TMS: Allow Incoming and Outgoing SIP URI Dialing must be set to Yes in the Cisco TMS Scheduling Settings for each MCU used for CMR Hybrid meetings.
-
For MCU and TelePresence Server, see Configure Cisco MCU and TelePresence Server for more information.
-
-
To get the new WebEx Productivity Tools features in WebEx Meeting Center WBS30, the following are required:TMS 15.0
For more information, refer to the latest CMR Hybrid Release Notes.
Configuring the Cisco WebEx Feature in Cisco TMS
To configure the Cisco WebEx feature in Cisco TMS, do the following:
Configuring WebEx Users in Cisco TMS
To schedule meetings using Cisco TMS, users must have a username and password that the server is configured to trust.
Cisco TMS authenticates the following accounts:
Local accounts on the Windows Server where Cisco TMS is installed
Accounts the server trusts through domain membership and Active Directory (AD)
For each user that successfully logs into Cisco TMS, a new user profile is created based on their username and the user is prompted to enter information into their profile. Existing Windows or AD user passwords are used but they are not stored in Cisco TMS. If a user's Windows/AD password changes, they must use that updated password when logging into Cisco TMS.
- User Requirements for Scheduling WebEx-enabled Meetings
- Configuring Automatic User Lookup from Active Directory
- How WebEx Bookings Work
- Configuring a Cisco CMR Hybrid User in Cisco TMS
User Requirements for Scheduling WebEx-enabled Meetings
To schedule WebEx-enabled meetings using Cisco TMS, Cisco TMS users must have the following stored in their Cisco TMS user profile:
The WebEx site on which they have an account.
NoteThis WebEx site must also be added to Cisco TMS, as described in Configuring the Cisco WebEx Feature in Cisco TMS.
There are three ways to enable a Cisco TMS user's account for WebEx scheduling:
For details, see Configuring a Configuring a Cisco CMR Hybrid User in Cisco TMS
The Cisco TMS user edits their profile by logging in to Cisco TMS and clicking their username at the bottom left corner of the Cisco TMS Web UI.
Administrator enables ‘Lookup User Information from Active Directory, ‘Get WebEx Username from Active Directory' and (optionally) Single Sign On (SSO).
The benefits of having the Active Directory lookup features enabled are that the user account information including WebEx username is automatically added to each new Cisco TMS user. WebEx password must still be added by the administrator or user, however, if Single Sign On is enabled, WebEx password is not required. With the Active Directory and Single Sign On features enabled, only the WebEx site must be selected for the user, if there are multiple WebEx sites configured on Cisco TMS. If there is only on WebEx site, Cisco TMS will use that site. If there are multiple sites configured, Cisco TMS will automatically select the WebEx site designated as the ‘Default', unless the user's Cisco TMS profile is edited to specify a different WebEx site.
For details, see Configuring Automatic User Lookup from Active Directory and Configuring Single Sign On in Cisco TMS
Configuring Automatic User Lookup from Active Directory
If you are using Active Directory (AD), you can configure Cisco TMS to automatically populate user profile information. When you enable this feature, details about the user will automatically be imported when they first access Cisco TMS and synchronized periodically. If you use a field in Active Directory for WebEx username (for example the AD username or email address), you can configure Cisco TMS to import the WebEx username as well by enabling the 'Get WebEx Username from Active Directory' feature in the WebEx Settings page.
Configuring Active Directory Lookup in Cisco TMS
Active Directory Lookup imports and updates user information in Cisco TMS automatically. Optionally, Cisco TMS can also import the WebEx username.
By activating the AD lookup, WebEx and Cisco TMS automatically synchronize user information at given intervals. By doing this, each user of WebEx will only have to enter their password and not their username when booking and entering conferences.
If you do not configure AD lookup, the user will have to enter username and password for communication between Cisco TMS and WebEx.
To configure Active Directory Lookup, do the following:
Step 1 | Go to . |
Step 2 | In the Active Directory pane, set Lookup User Information from Active Directory to Yes. |
Step 3 | Enter information in the remaining fields in the Active Directory pane and click Save. |
Step 4 | For information about each field, refer to the Cisco TMS Help. |
Step 5 | To configure ‘Get WebEx Username from Active Directory', do the following: |
Step 6 | Go to . |
Step 7 | In the WebEx Configuration pane, use the Get WebEx Username from Active Directory menu to select the field in AD where you are storing the WebEx username. |
Step 8 | Click Save. For more information, refer to the Cisco TMS Help. |
How WebEx Bookings Work
For WebEx booking to work, the booking user must have a WebEx username and password defined as their WebEx Username and WebEx Password in their Cisco TMS profile. This ensures that the correct user "owns" the meeting in WebEx and can log in and operate the WebEx conference.
When Single Sign On (SSO) is enabled for the WebEx site, users with WebEx accounts can book WebEx-enabled meetings with Cisco TMS without requiring their WebEx password be stored in their Cisco TMS user profile. When SSO is configured and a user schedules a meeting, their WebEx username from their Cisco TMS user profile is passed to the WebEx site to complete the booking. For information about how to configure SSO, see Configuring Single Sign On in Cisco TMS.
The remaining fields are not mandatory, but are used for other Cisco TMS features. Later, if you are using Active Directory, you can configure Cisco TMS to populate these fields automatically for new users.
Configuring a Cisco CMR Hybrid User in Cisco TMS
This configuration is not required if the following three conditions are true:
‘Lookup User Information from Active Directory' and ‘Get WebEx Username from Active Directory' are enabled, as described in Configuring Automatic User Lookup from Active Directory, page 6-5
Single Sign On is enabled, as detailed in Configuring Single Sign On in Cisco TMS.
The user will use the default WebEx site for scheduling WebEx meetings
To configure a Cisco CMR Hybrid user in Cisco TMS, do the following:
Step 1 | Go to | ||
Step 2 | Click New to add a new user or click the name of an existing user to add WebEx scheduling capabilities to their profile and click Edit. | ||
Step 3 | Enter Windows/AD Username, First Name, Last Name, and Email Address.
| ||
Step 4 | For WebEx Username, enter the username for the user's WebEx account. | ||
Step 5 | For WebEx Password, enter the password for the user's WebEx account.
| ||
Step 6 | For WebEx Site, select the WebEx site to which the user is registered. | ||
Step 7 | Make any other settings in the Cisco TMS user profile and click Save. |
Configuring Port Reservations for MCU and TelePresence Server in Cisco TMS
Cisco highly recommends configuring MCU and TelePresence Server to reserve ports for each scheduled meeting.
When enabled, the number of ports reserved for the conference is enforced. Therefore if the TelePresence portion of the meeting has 5 ports and 5 participants have joined on TelePresence, if the meeting invitation is forwarded to a 6th person, they will not be able to join the meeting on TelePresence.
If port reservations are not enabled, the meeting is booked with 5 TelePresence ports and the invite is forwarded, additional participants up to the maximum available ports at that time are able to join on TelePresence. This could cause another scheduled meeting to fail. As a result, Cisco recommend s always enabling port reservations for MCU and TelePresence Server.
Enabling Port Reservations for MCU
To enable port reservations for MCU, do the following in Cisco TMS:
Enabling Port Reservations for TelePresence Server
To enable port reservations for TelePresence Server, do the following in Cisco TMS:
Configuring Hybrid Content Mode for MCU in Cisco TMS
Configuring any MCUs that will be used for CMR Hybrid meetings with WebEx to use the hybrid content mode is required. In hybrid mode the incoming content stream is passed through, giving the best possible quality. It is also decoded and used to create a second, lower resolution stream for anyone who cannot receive the passthrough stream. This uses up a video port but ensures that users get the advantages both of transcoding and passthrough.
To configure hybrid content mode on the MCU in Cisco TMS, do the following:
Configuring Lobby Screen in Cisco TMS
Configuring all TelePresence Servers that will be used for CMR Hybrid meetings with WebEx to set Lobby Screen to “On” is required.
To configure the Lobby Screen on the TelePresence Server in Cisco TMS, do the following:
How the Lobby Screen Affects the First TelePresence Participant in a Meeting if the WebEx Welcome Screen is Disabled
If the WebEx Welcome Screen is disabled, the user experience of the first TelePresence participant in a meeting that uses TelePresence Server varies depending on how the “Use Lobby Screen for conferences” setting for TelePresence Server is configured in Cisco TMS. Table 1 describes what the first TelePresence participant in a meeting will see in different scenarios. To ensure that the first TelePresence participant never sees a black screen, make sure you set “Use Lobby Screen for conferences” to Yes for all TelePresence Servers you will use for CMR Cloud meetings as described in the previous section.
Black screen (until at least one other TelePresence participant joins) |
||||
Black screen (until at least one other TelePresence or WebEx participant joins) |
||||
Lobby screen (until at least one other TelePresence participant joins) |
||||
Lobby screen (until at least one other TelePresence or WebEx participant joins) |
||||
Configuring Conference Settings in Cisco TMS
This section provides information on the recommended and optional conference settings that can be configured in Cisco TMS for CMR Hybrid meetings.
- Default Picture Mode
- Conference Connection/Ending Options
- Configuring Allow Early Join
- Configuring Resource Availability on Extension
Default Picture Mode
Cisco recommends configuring Default Picture Mode to Continuous Presence. This allows multiple participants to be seen on screen at the same time for meetings that use MCU. TelePresence Server is always set to display multiple participants (called ActivePresence on the TelePresence Server).
To configure Default Picture Mode in Cisco TMS, do the following:
Conference Connection/Ending Options
Cisco recommends configuring the Conference Connection/Ending Options in TMS so that if a meeting runs beyond the scheduled end time, participants are warned if there are not enough resources to extend the meeting.
Step 1 | Go to . | ||
Step 2 | In the Conference Connection/Conference Extension section, set the following options: | ||
Step 3 | (Optional) You can configure the length, timing and content of the in-video warnings, by setting the following options:
| ||
Step 4 | Click Save. |
Configuring Allow Early Join
Note | Cisco TMS does not dial out to WebEx until the scheduled start time of the meeting. |
To configure Allow Early Join in Cisco TMS, do the following:
Configuring Resource Availability on Extension
When Resource Availability Check on Extension is enabled, a meeting automatically extends by 15 minutes if all resources are available, and reserves them until the extended meeting is finished.
To configure Resource Availability Check on Extension in Cisco TMS, do the following:
Step 1 | Go to Administrative Tools > Configuration > Conference Settings > Resource Availability Check on Extension. |
Step 2 | Click Save. This setting works in conjunction with Extend Conference Mode and applies to Automatic Best Effort or Endpoint Prompt. The options are:
|
Configuring Single Sign On in Cisco TMS
Cisco TMS has the option to enable Single Sign On (SSO) for meetings booked by users with WebEx accounts. When SSO is configured and a user schedules a WebEx-enabled meeting, the WebEx username in their Cisco TMS user profile is passed to the WebEx site to complete the booking.
With SSO configured, it is only required to store the user's WebEx username in their Cisco TMS user profile. The user's WebEx password is not required.
There are two ways to add a user's WebEx username to their Cisco TMS user profile:
A TMS Site Administrator manually enters the WebEx Username in a user's profile.
When an organizer schedules a meeting with WebEx using Cisco TMS, Cisco TMS sends the meeting information to the WebEx site with that WebEx username designated as the WebEx host.
NoteWhen a user has selected a WebEx site that has SSO enabled in TMS, Site Administrator privileges are required to edit the WebEx Username field. Users cannot edit their WebEx Username.
Enable Cisco TMS to import WebEx usernames from Active Directory (AD)
NoteYou can use any field in AD. Email address and username are the most commonly used.
When an organizer schedules a meeting with WebEx using Cisco TMS, Cisco TMS requests AD for the WebEx username of the meeting organizer using the username and password that the Cisco TMS administrator filled in on the Network Settings page for AD lookup.
When AD supplies Cisco TMS with the WebEx username of the organizer, Cisco TMS sends the meeting information to the WebEx site with that WebEx username designated as the WebEx host.
- Prerequisites
- Configuring SSO in Cisco TMS
- Generating a Certificate for WebEx
- Enabling Partner Delegated Authentication on the WebEx Site
- Enabling SSO in Cisco TMS
- Supported Configurations for Scheduling on Behalf of the WebEx Host
- Guidelines for Renewing Your PDA/SSO
Prerequisites
Before configuring SSO in Cisco TMS, you must work with the WebEx Cloud Services team to determine the following information that needs to be configured in both Cisco TMS and in the WebEx cloud:
-
This value must be determined by the WebEx team, because it must be unique among all WebEx customers. Contact the WebEx account team for this information.
-
This is the Identity Provider, which is your TMS. This value must be determined by the WebEx team. Contact the WebEx account team for this information.
Cisco recommends using a name to indicate your company's TMS.
-
This refers to the Service Provider, which is WebEx. This value must be determined by the WebEx team. Contact the WebEx account team for this information.
-
This is the authentication context. The IdP authenticates the user in different contexts, e.g., X509 cert, Smart card, IWA, username/password).
Configuring SSO in Cisco TMS
Command or Action | Purpose | |
---|---|---|
Step 1 | Ensure the WebEx site on which you want to enable SSO has been created in Cisco TMS. | See Configuring the Cisco WebEx Feature in Cisco TMS for details. |
Step 2 | Generate a certificate to secure the connection between Cisco TMS and the WebEx site. | See Generating a Certificate for WebEx for details. |
Step 3 | Enable Partner Delegated Authentication on the WebEx site. | See Enabling Partner Delegated Authentication on the WebEx Site for details. |
Step 4 | Enable SSO in Cisco TMS. | See Enabling SSO in Cisco TMS for details. |
Generating a Certificate for WebEx
WebEx requires that a certificate pair (public certificate and private key) be used to authenticate Cisco TMS to the WebEx cloud.
Certificate pair requirements:
Public certificate must be in .cer or .crt format - to send to the WebEx Cloud Services team
Certificate and private key bundled in a PKCS12-formatted file - for upload to Cisco TMS
You can generate a new certificate or use an existing one, such as the one used to enable HTTPS on your Cisco TMS server.
- Using an Existing Certificate Signed by a Trusted Authority
- Creating a Key/Certificate Pair Signed by a Certificate Authority
- Creating a Self-signed Key/Certificate Pair
- Using OpenSSL to Generate a Certificate
Using an Existing Certificate Signed by a Trusted Authority
If you currently use a certificate signed by a trusted authority, Cisco recommends using the existing certificate and key pair for your WebEx configuration. How you proceed is determined by if the private key is exportable, available or unavailable.
- If Private Key is Exportable
- If Private Key is Not Exportable, but Key/Certificate Pair Available
- If Private Key is Not Exportable or Available
If Private Key is Exportable
If your private key is exportable, do the following:
Step 1 | Using the Windows Certificate Manager Snap-in, export the existing key/certificate pair as a PKCS#12 file. |
Step 2 | Using the Windows Certificate Manager Snap-in, export the existing certificate as a Base64 PEM encoded .CER file. |
Step 3 | Make sure the file extension is either .cer or .crt and provide this file to the WebEX Cloud Services team. |
Step 4 | Use the PKCS#12 file you created in step 2, to upload to TMS in Enabling SSO in . |
If Private Key is Not Exportable, but Key/Certificate Pair Available
If your private key is not exportable, but you have the key/certificate pair available elsewhere, do the following:
Step 1 | Use Windows Certificate Manager Snap-in to export your existing certificate in a Base64 PEM file. |
Step 2 | Change the file extension to either .cer or .crt and provide this Base64 PEM file to the WebEx Cloud Services team. |
Step 3 | Create a PKCS#12 key/certificate pair by using the command in step 10 of Using OpenSSL to Generate a Certificate. |
Step 4 | Use this PKCS#12 file to upload to TMS in Enabling SSO in |
If Private Key is Not Exportable or Available
If your private key is not exportable and it is not available elsewhere, you will need to create a new certificate.
To create a new certificate, follow all the steps in Using OpenSSL to Generate a Certificate.
Creating a Key/Certificate Pair Signed by a Certificate Authority
If you do not have a key and certificate pair, but have a certificate authority you use, do the following:
Step 1 | Create a new key/certificate pair to use for the WebEx SSO configuration using OpenSSL, following the steps in Using OpenSSL to Generate a Certificate. |
Step 2 | Create a Base64 PEM encoded version of the signed certificate using step 8 Using OpenSSL to Generate a Certificate. |
Step 3 | Change the file extension to .cer or .crt and provide this version of the certificate to the WebEx Cloud Services team. |
Step 4 | Create a PKCS#12 key/cert pair by using the command in step 10 of Using OpenSSL to Generate a Certificate. |
Step 5 | Use this PKCS#12 file to upload to TMS in Enabling SSO in . |
Creating a Self-signed Key/Certificate Pair
If you do not have a key and certificate pair and do not have a certificate authority to use, you will need to create a self-signed certificate.
To create a self-signed key, do the following:
Step 1 | Follow the steps in Using OpenSSL to Generate a Certificate. |
Step 2 | In step 6, follow the procedure to create a self-signed certificate signing request. |
Step 3 | Follow steps 7 through 9 and provide the base64 PEM file of self-signed certificate to the WebEx Cloud Services team. |
Step 4 | Follow step 10 to create a PKCS#12 PFX file. |
Step 5 | Upload to TMS in Enabling SSO in . |
Using OpenSSL to Generate a Certificate
OpenSSL is an open source project designed to run on Unix and Linux. There is a Windows version available from Shining Light Productions: http://slproweb.com/products/Win32OpenSSL.html. Before using OpenSSL to generate a certificate, you must have OpenSSL installed.
For more information, go to: http://www.openssl.org/.
To generate the TMS certificates required for WebEx and TMS, you must complete the following steps:
Step 1 | Generate a private key. | ||
Step 2 | Generate a certificate signing request (CSR). | ||
Step 3 | Have a certificate authority sign the CSR. | ||
Step 4 | Make sure the extension of the signed certificate is .cer or .crt and provide it to the WebEx team. | ||
Step 5 | Convert the signed certificate and private key into a PKCS#12 formatted file. | ||
Step 6 | Upload the converted certificate and private key to TMS. | ||
Step 7 | In Windows, open a command prompt. | ||
Step 8 | Navigate to the openssl\bin installation directory. | ||
Step 9 | Generate a private key using following command: openssl genrsa -out tms-privatekey.pem 2048. | ||
Step 10 | Generate a certificate signing request (CSR) using the private key above: openssl req -new -key tms-privatekey.pem -config openssl.cfg -out tms-certcsr.pem. | ||
Step 11 | Enter the data requested, including: | ||
Step 12 | Send the Cisco TMS certificate signing request file tms-certcsr.pem to be signed by a trusted certificate authority (CA) or self sign a certificate signing request using OpenSSL or Windows CA. For details on how to submit a certificate request to a trusted certificate authority, contact that certificate authority. | ||
Step 13 | Self-sign the certificate using either OpenSSL or Windows CA: | ||
Step 14 | When your certificate authority has signed your certificate request, they send a signed certificate to you, You should receive the signed certificate tms-cert.der back from the CA. | ||
Step 15 | If the certificate is in an email or web page and not in its own file, open the file and copy its contents starting with the -----BEGIN CERTIFICATE----- line and through the -----END CERTIFICATE----- line. Save the contents to a text file and name the file tms-cert.der. | ||
Step 16 | (Skip this step if certificate is in .pem format) Convert the signed certificate from .der to .pem using the following OpenSSL command: openssl x509 -inform der -in tms-cert.cer -out tms-cert.pem | ||
Step 17 | Change the extension to .cer or .crt and provide this signed certificate to the WebEx Cloud Services team. | ||
Step 18 | Combine the signed certificate .pem with the private key created in step 3 using the following OpenSSL command: openssl pkcs12 -export -inkey tms-privatekey.pem -in tms-cert.pem -out tms-cert-key.p12 -name tms-cert-key. You should now have a Cisco TMS certificate that contains the private key for SSO configuration to upload to Cisco TMS
|
Enabling Partner Delegated Authentication on the WebEx Site
These steps are required for enabling partner delegated authentication on your WebEx site:
Before you can enable partner delegated authentication on your WebEx site, the WebEx Cloud Services team must make site provisioning changes to configure your TMS as a delegated partner.
Step 1 | Request that the WebEx Cloud Services team add a Partner Certificate for your TMS, configured for SAML 2.0 federation protocol. |
Step 2 | Provide the public certificate for your TMS to the WebEx Cloud Services team. For details on how to create a certificate, see Generating a Certificate for WebEx. |
Step 3 | After the WebEx Cloud Services team notifies you that this step is complete, enable partner delegated authentication for both Host and Admin accounts in the Site Administration for your WebEx site, as described below. |
Step 4 | Proceed with the section "Enabling SSO in Cisco TMS". |
Step 5 | Log into your WebEx administrative site and go to The Partner Delegated Authentication page appears. . |
Step 6 | In the Partner SAML Authentication Access section, make sure both Host and Site Admin are checked and click Update. |
Enabling SSO in Cisco TMS
To enable SSO in Cisco TMS, do the following:
Before you begin, make sure you have the following information:
- Certificate Password (if required)
Partner Name
Partner Issuer (IdP ID)
SAML Issuer (SP ID)
AuthnContextClassRef
Note | Before enabling SSO, you must enable Partner Delegated Authentication on your WebEx site. For more information, refer to Enabling Partner Delegated Authentication on the WebEx site. |
Step 1 | Log into Cisco TMS, and go to Administrative Tools > Configuration > WebEx Settings. |
Step 2 | In the WebEx Sites pane, click the site name of the WebEx site on which you want to enable SSO. The WebEx Site Configuration pane appears. |
Step 3 | For Enable SSO, select Yes. The SSO Configuration pane appears. |
Step 4 | Click Browse and upload the PKS #12 private key certificate (.PFX) you generated in Generating a Certificate for WebEx. |
Step 5 | Complete the rest of the SSO configuration fields using the password and other information that you selected when generating the certificate. |
Step 6 | Click Save. |
Supported Configurations for Scheduling on Behalf of the WebEx Host
While the focus of the previous section was how to configure SSO on TMS, it is also possible to configure SSO on the WebEx site itself. As a result, it's helpful to understand all the supported configurations for scheduling of CMR Hybrid meetings.
There are three possible supported configurations to allow the TMS to schedule on behalf of the WebEx host:
WebEx site does not use SSO and TMS does not have SSO configured. No partner delegated authentication (PDA) relationship with the WebEx site. WebEx host login: The WebEx username and password are stored in WebEx, and the user authenticates directly to the WebEx site.
WebEx site does not use SSO, but TMS does have SSO configured. PDA relationship with the WebEx site. WebEx host login: The WebEx username and password are stored in WebEx, and the user authenticates directly to the WebEx site.
WebEx site uses SSO, and TMS has SSO configured. PDA relationship with the WebEx site. WebEx host login: The WebEx user logs in through the SSO identity service provider.
Guidelines for Renewing Your PDA/SSO
If you use a certificate signed by a public CA that will soon be expiring you must renew it. Using an expired certificate will cause CMR Hybrid meeting scheduling to fail as WebEx rejects an expired certificate presented by TMS on behalf of a CMR Hybrid meeting scheduling attempt.
It is possible to have more than one delegated partner certificate on your WebEx site at any given time.
So you may have a backup TMS and an online/active TMS each with unique certificates. Or, better yet, you may have exported the same certificate w/private key from one of those TMS instances to the alternate and they share an FQDN/hostname. [call this cold standby]. Or, you are deploying a redundant TMS environment and you use a single certificate with multiple SAN's containing each unique TMS FQDN and a shared CN for the NLB/frontend TMS name.
Be aware that you will want the Issued To or CN(CommonName) field to be unique because we can only hold one certificate at a time referring to a given Issued To or CN field.
The reason for this is that we store your certificates on your site using the Issued To sort order. If we find a certificate with the identical Issued To name as an existing certificate, we should come back to you and ask you to clarify whether or not you want the existing certificate to be REPLACED with the new one. Most likely this is the case but we can not store [2] certificates on your WebEx site with identical Issued To names in the certificate [CN]. If this occurs, the new certificate will not actually be loaded and functional until we delete/replace the old one with the new one. So in order to prevent this issue, please tell us to replace the old certificate with the new one OR make sure that the new certificate has different information in the Issued To or CN field. This is possible for instance if TMS were given a different FQDN [eg TMS1.company.com vs TMS2.company.com]