Cisco Cisco Meeting Server 1000

Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments

A.2 Signing CSR files

To sign the CSR using a public CA follow the instructions in

Section 3.2

To sign the CSR using an internal CA follow the instructions in

Section 3.3

To self-sign the certificate, use the OpenSSL command:

openssl req -x509 -nodes -days 100 -newkey rsa:2048 -keyout
<keyname>.key -out <certname>.crt

For example:

openssl req -x509 -nodes -days 100 -newkey rsa:2048 -keyout
callbridge.key -out callbridge.crt

generates a new private key named callbridge.key and a (final) certificate named callbridge.crt.

A.3 Creating Certificates for Database Clustering

This section details how to create certificates for database clustering using OpenSSL
commands.

The certificates created for database clustering must be signed by the same Certificate
Authority (CA). Because the database clustering is not user-accessible, the CA, keys and
certificates can be generated internally using OpenSSL.

Note: Ensure that you run OpenSSL with administrator privileges.

Note: The keyname and certname must NOT include a “.”, for example dbcluster_ca is valid,
but dbcluster.ca is not allowed.

Follow these steps:

1. Define a CA, and create the private/public key pair and certificate for the CA.

a. Generate a private key and certificate request (.csr) pair for a CA defined by you. Use this

OpenSSL syntax

openssl req -new -text -nodes -keyout <keyname>.key -out
<certname>.csr –subj /C=<country>/ST=<state>/L=<location>
/O=<organization>/OU=<organizational unit>/CN=<authorityname>

For example:

openssl req -new -text -nodes -keyout dbcluster_ca.key -out
dbcluster_ca.csr -subj /C=UK/ST=London/L=London/O=Example
/OU=/CN=example

creates the private key dbcluster_ca.key and the certificate signing request file

dbcluster_ca.csr

for the CA defined in the attributes following -subj

Appendix A OpenSSL Commands for Generating Certificates