Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments
27
Subject: C=xx, O=xxxxx, OU=xxxxxxxxxxx, CN=xxxxxxxxxxxxx
Subject Public Key Info:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
SUCCESS: license file present
FAILURE: XMPP server configuration not complete
FAILURE: XMPP server configuration not complete
Check the certificate bundle to ensure that there is no break in the certificate chain.
Note: Remember you will also need to install the XMPP license key file (license.dat) on the
Meeting Server. Follow the instructions in the Scalable and Resilient Server Deployment Guide.
Meeting Server. Follow the instructions in the Scalable and Resilient Server Deployment Guide.
4.5 Installing the Certificate and Private Keys for the Core to Edge Trunks
This section only needs to be followed if your Meeting Server connects to native Cisco Meeting
Apps (PC Client, Mac Client or iOS Client) and you have deployed split Core and Edge servers.
Apps (PC Client, Mac Client or iOS Client) and you have deployed split Core and Edge servers.
Note: In a deployment with split servers, each Core server can create multiple trunks to multiple
Edge servers. Each Edge server can accept multiple trunks from multiple Core servers.
Edge servers. Each Edge server can accept multiple trunks from multiple Core servers.
To establish mutual authentication between the Load Balancer in the Edge server and the XMPP
service in the Core server you need to:
service in the Core server you need to:
n
on the Load Balancer, install the private key/certificate pair for the Load Balancer, and the
certificate for the trunk
certificate for the trunk
n
on the trunk, install the private key/certificate pair for the trunk, and the certificate for the
Load Balancer.
Load Balancer.
Note: Do not reuse the Load Balancer certificate for the trunk, or vice versa. You must create
different certificates for the Load Balancer and for the trunk.
different certificates for the Load Balancer and for the trunk.
This will ensure that the trunk and the Load Balancer authenticate each other’s certificate,
creating a secure TLS trunk between the Load Balancer and the XMPP server.
creating a secure TLS trunk between the Load Balancer and the XMPP server.
If you have a single XMPP Server in your deployment, but multiple Edge servers, you will quite
likely have a Load Balancer on each Edge server. In that case, the Core server (hosting the XMPP
service) will need to create a trunk to each of the Load Balancers. Follow steps 1 to 12 below for
each trunk/Load Balancer pair. See
likely have a Load Balancer on each Edge server. In that case, the Core server (hosting the XMPP
service) will need to create a trunk to each of the Load Balancers. Follow steps 1 to 12 below for
each trunk/Load Balancer pair. See
for advice on reusing a private key/certificate
pair.
Note: This guide assumes that you have already set up the network interface for the Load
Balancer and the trunk interface on the Meeting Server, if not follow the steps in the Scalable
and Resilient Server Deployment Guide, before assigning the certificate.
Balancer and the trunk interface on the Meeting Server, if not follow the steps in the Scalable
and Resilient Server Deployment Guide, before assigning the certificate.
4 Installing signed certificates and private keys on the Meeting Server