Cisco Cisco Meeting Server 1000

Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments

b. Create a certificate for the CA, using the private key and certificate request (.csr)

generated in step 1a.

openssl req -x509 -text -in dbcluster_ca.csr -key dbcluster_
ca.key -out dbcluster_ca.crt -days 3650

creates the certificate dbcluster_ca.crt

2. Use the CA credentials generated in step 1 to output a private key and signed certificate for

the database server and database client.

a. Generate a private key and certificate request (.csr) for the database server:

openssl req -new -nodes -keyout <keyname>.key -out
<certname>.csr –subj /C=<country>/ST=<state>/L=<locality>
/O=<organization> /OU=<organizational unit>/CN=<nodename>

where nodename is the actual name of the server hosting the database. For example:

openssl req -new -nodes -keyout dbcluster_server.key -out
dbcluster_server.csr -subj /C=UK/ST=London/L=London/O=Example
/OU=/CN=server1

creates the key dbcluster_server.key and the certificate signing request file

dbcluster_server.csr

b. Generate the CA signed certificate for the database. For example:

openssl x509 -req -CAcreateserial -in dbcluster_server.csr -CA
dbcluster_ca.crt -CAkey dbcluster_ca.key -out dbcluster_
server.crt -days 3650

creates the certificate dbcluster_server.crt

c. Generate a private key and certificate request (.csr) for the database. The CommonName

(CN) for a database client must equal “postgres”.

openssl req -new -nodes -keyout <keyname>.key -out <certname>.csr
–subj /C=<country>/ST=<state>/L=<locality>/O=<organization>
/OU=<organizational unit>/CN=postgres

For example:

openssl req -new -nodes -keyout dbcluster_client.key -out
dbcluster_client.csr -subj /C=UK/ST=London/L=London/O=Example
/OU=/CN=postgres

creates the key dbcluster_client.key and the certificate signing request file

dbcluster_client.csr

Appendix A OpenSSL Commands for Generating Certificates