Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments
35
b. Configure the database cluster to use these certificates:
cms>
database cluster certs dbcluster_client.key dbcluster_
client.crt dbcluster_cert-bundle.crt
Certificates updated
Certificates updated
cms> database cluster status
Status : Disabled
Interface : a
Certificates
Status : Disabled
Interface : a
Certificates
Client Key : dbcluster_client.key
Client Certificate : dbcluster_client.crt
CA Certificate : dbcluster_cert-bundle.crt
Client Certificate : dbcluster_client.crt
CA Certificate : dbcluster_cert-bundle.crt
3. Now return to the Scalable and Resilient Server Deployment Guide for information on
selecting the master database and building the database cluster.
4.9 Installing the Certificates and Private Keys for TURN Servers
If you plan to use TLS for secure communication, then you need to install a signed certificate for
the TURN servers, using the same CA to sign the certificate as that used for the Web Bridge. The
certificate will be used by browsers when determining whether to trust the connection with the
Meeting Server.
the TURN servers, using the same CA to sign the certificate as that used for the Web Bridge. The
certificate will be used by browsers when determining whether to trust the connection with the
Meeting Server.
The steps below assume that you have already configured the network interface that the TURN
server will use to listen. Refer to the Scalable and Resilient Server Deployment Guide for
information on setting the interface using the listen MMP command before assigning the
certificates.
server will use to listen. Refer to the Scalable and Resilient Server Deployment Guide for
information on setting the interface using the listen MMP command before assigning the
certificates.
For each TURN server:
1. SSH into the MMP of the host server
2. Disable the TURN server interface before assigning the certificate
turn disable
3. Upload the signed certificate and intermediate CA bundle (if any) to the Meeting Server using
SFTP.
4. Check that the certificate (and certificate bundle) and the private key match
pki verify <certicate> <cert bundle/CA cert> [<CA cert>]
5. Assign the certificate (and certificate bundle) and private key pair to the Turn server
turn certs <keyfile> <certificatefile> [<cert-bundle>]
where keyfile and certificatefile are the filenames of the matching private key and certificate.
If your CA provides a certificate bundle then also include the bundle as a separate file to the
certificate
If your CA provides a certificate bundle then also include the bundle as a separate file to the
certificate
For example
4 Installing signed certificates and private keys on the Meeting Server