Cisco Cisco Meeting Server 2000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
22
n
use filenames for the certificate and private key that reflect where they are used, for example:
webadmin.crt
and webadmin.key.
4.2 Uploading the Private Keys and Certificates to the MMP
1. SSH into the MMP, and login
2. Use SFTP to upload each private key/certificate pair and certificate bundle
3. Use the MMP PKI command: pki list to check which files have been uploaded. pki
list
will also list any SSH keys and CSR files uploaded to the MMP.
Note: Private keys and certificates must NOT include a “.” within the filenames except
immediately before the file extension. For example callbridge.key is valid, but call.bridge.key is
not allowed.
immediately before the file extension. For example callbridge.key is valid, but call.bridge.key is
not allowed.
4.3 Inspecting a file type and checking that a certificate and private key
match
match
Before installing a private key/certificate pair on the Meeting Server, make sure that you have the
correct files to install. This section provides a brief overview of using the MMP commands: pki
inspect, pki match, and pki verify, to check the identity of the files you plan to install.
correct files to install. This section provides a brief overview of using the MMP commands: pki
inspect, pki match, and pki verify, to check the identity of the files you plan to install.
To inspect a file to determine whether it is still valid (expiry date):
pki inspect <filename>
To check that a certificate matches a private key:
pki match <keyfile> <certificatefile>
To check that a certificate is signed by the CA and that the certificate bundle can be used to
assert this:
assert this:
pki verify <cert> <certbundle/CAcert>
For example:
1. SSH into the MMP, and login
2. Enter the command:
pki inspect xmppserver.crt
to inspect the contents of the file, for instance to see whether a certificate is still valid.
3. Enter the command:
pki match xmppserver.key xmppserver.crt
to check that the file xmppserver.key matches file xmppserver.crt and together they
form one usable identity.
form one usable identity.
4 Installing signed certificates and private keys on the Meeting Server