Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments
19
1. Create a private key and Certificate Request File for the database server. You can use the
same certificate on all of the servers in the database cluster; specify the FQDN of one of the
servers in the CN field and specify the FQDN of the other servers in the SAN field. If using
“Extended Key Usage”, ensure “Server Authentication” is allowed for the database server.
servers in the CN field and specify the FQDN of the other servers in the SAN field. If using
“Extended Key Usage”, ensure “Server Authentication” is allowed for the database server.
For example:
pki csr dbcluster_server CN:www.example.com
generates a CSR file named dbcluster_server.csr and private key named dbcluster_
server.key.
server.key.
2. Create a private key and Certificate Request File for the database client. The CommonName
(CN) for a database client must equal ‘postgres’. If using “Extended Key Usage”, ensure
“Client Authentication” is allowed for the database client.
“Client Authentication” is allowed for the database client.
For example:
pki csr dbcluster_client CN:postgres
generates a CSR file named dbcluster_client.csr and private key named dbcluster_client.key
3. Use an Internal CA to sign the dbcluster_server.csr and dbcluster_client.csr certificate
signing request files and obtain the corresponding dbcluster_server.crt and dbcluster_
client.crt certificates, as well as the Internal CA certificate (bundle). See
client.crt certificates, as well as the Internal CA certificate (bundle). See
provides details on uploading certificates for database clustering.
3.1.5 CSR for the TURN server
If you plan to use TLS on a TURN server, then the TURN server will require a certificate/key pair
similar to that created for the Web Bridge, so that WebRTC clients trusts the connection. The
certificate should be signed by the same Certificate Authority as used for the Web Bridge
certificate.
similar to that created for the Web Bridge, so that WebRTC clients trusts the connection. The
certificate should be signed by the same Certificate Authority as used for the Web Bridge
certificate.
For example:
pki csr turnserver CN:www.example.com O:”Example Inc.”
The example will generate two files: turn.key and turn.csr. The files can be immediately retrieved
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
provides details on uploading certificates for TURN servers.
3.2 Signing the CSR using a public Certificate Authority
Refer to
for a list of public CA signed certificates required for the Meeting Server.
To obtain a public CA signed certificate, send the generated .csr file to your preferred
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
provides a brief
overview of file extensions used for certificate files.
3 Obtaining certificates