Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Split Deployments
20
certificate should be signed by the same Certificate Authority as used for the Web Bridge
certificate.
certificate.
For example:
pki csr turnserver CN:www.example.com O:”Example Inc.”
The example will generate two files: turn.key and turn.csr. The files can be immediately retrieved
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
provides details on uploading certificates for TURN servers.
3.2 Signing the CSR using a public Certificate Authority
Refer to
for a list of public CA signed certificates required for the Meeting Server.
To obtain a public CA signed certificate, send the generated .csr file to your preferred
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
provides a brief
overview of file extensions used for certificate files.
Before transferring the signed certificate and the private key to the Meeting Server, check the
certificate file. If the CA has issued you a chain of certificates, you will need to extract the
certificate from the chain. Open the certificate file and copy the specific certificate text including
the BEGIN CERTIFICATE and END CERTIFICATE lines and paste into a text file. Save the file as
your certificate with a .crt, .cer or .pem extension. Copy and paste the remaining certificate
chain into a separate file, naming it clearly so you recognize it as an intermediate certificate chain
and using the same extension ( .crt, .cer or .pem). The intermediate certificate chain needs to be
in sequence, with the certificate of the CA that issued the chain first, and the certificate of the
root CA as the last in the chain.
certificate file. If the CA has issued you a chain of certificates, you will need to extract the
certificate from the chain. Open the certificate file and copy the specific certificate text including
the BEGIN CERTIFICATE and END CERTIFICATE lines and paste into a text file. Save the file as
your certificate with a .crt, .cer or .pem extension. Copy and paste the remaining certificate
chain into a separate file, naming it clearly so you recognize it as an intermediate certificate chain
and using the same extension ( .crt, .cer or .pem). The intermediate certificate chain needs to be
in sequence, with the certificate of the CA that issued the chain first, and the certificate of the
root CA as the last in the chain.
Go to
for information on installing signed certificates and private keys on the Meeting
Server.
3.3 Signing the CSR using an internal Certificate Authority
Refer to section
for a list of internal CA signed certificates required for the Meeting
Server.
This section applies if you are using AD as an internal CA. If you are using a different internal CA,
please follow the corresponding instructions, and then resume following this guide from
please follow the corresponding instructions, and then resume following this guide from
To obtain an internal CA signed certificate, follow these steps:
1. Transfer the generated .csr file to the CA, for example an Active Directory server with the
Active Directory Certificate Services Role installed.
3 Obtaining certificates