Cisco Acano X-series
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
16
pki csr <key/cert basename> <CN:value> [OU:<value>] [O:<value>]
[ST:<value>] [C:<value>] [<subjectAltName:value>]
[ST:<value>] [C:<value>] [<subjectAltName:value>]
the command is:
pki csr one-cert CN:example.com
subjectAltName:callbridge1.example.com,callbridge2.example.com,callbr
idge3.example.com,xmppserver.example.com,webbridge.example.com
subjectAltName:callbridge1.example.com,callbridge2.example.com,callbr
idge3.example.com,xmppserver.example.com,webbridge.example.com
Note: If you use the pki command, the CN is automatically appended to the SAN list, do not list
the CN in the SAN list, as shown in the example above.
the CN in the SAN list, as shown in the example above.
3.1.1 CSR for the Web Bridge
Web browsers look at the CN field to determine the Web Bridge’s FQDN. To avoid web browser
certificate errors, follow this advice:
certificate errors, follow this advice:
n
if you are using a dedicated certificate for the Web Bridge: in the CN field, specify the FQDN
that is defined in the DNS A record for the Web Bridge. Failure to specify the FQDN may result
in browser certificate errors. If the subjectAltName field is used, then the FQDN that is
specified in the CN field needs to be included in the subjectAltName field if it is not
automatically appended. Note: pki csr will automatically appended the CN to the SAN list if
a SAN list exists.
that is defined in the DNS A record for the Web Bridge. Failure to specify the FQDN may result
in browser certificate errors. If the subjectAltName field is used, then the FQDN that is
specified in the CN field needs to be included in the subjectAltName field if it is not
automatically appended. Note: pki csr will automatically appended the CN to the SAN list if
a SAN list exists.
n
if you plan to use the same certificate across multiple components (Web Bridge, XMPP
Server, Call Bridge and TURN server): specify your domain name (DN) in the CN field, and in
the SAN field specify your domain name (DN) and the FQDN for each of the components that
will use the certificate.
Server, Call Bridge and TURN server): specify your domain name (DN) in the CN field, and in
the SAN field specify your domain name (DN) and the FQDN for each of the components that
will use the certificate.
For example:
pki csr webbridge CN:www.example.com O:”Example Inc.”
or
pki csr webbridge CN:www.example.com O:”Example Inc.”
subjectAltName:guest.example.com
subjectAltName:guest.example.com
The example will generate two files: webbridge.key and webbridge.csr. The files can be
immediately retrieved from the Meeting Server by using SFTP. Submit the .csr file to a public CA
for signing, see
immediately retrieved from the Meeting Server by using SFTP. Submit the .csr file to a public CA
for signing, see
provides details on uploading certificates for Web Bridges.
3.1.2 CSR for the XMPP server
Native Cisco Meeting App look at the subjectAltName field to determine the XMPP server’s
domain. To avoid client certificate errors, ensure that the CSR for the XMPP server specifies:
domain. To avoid client certificate errors, ensure that the CSR for the XMPP server specifies:
3 Obtaining certificates