Cisco Acano X-series
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
17
n
the DNS record for the XMPP server in the CN field, and in subjectAltName field
n
the XMPP server’s domain name in the subjectAltName field
For example, if the XMPP domain is configured as example.com and DNS is
xmpp.example.com, the CN should be xmpp.example.com and within the SAN list you must
add xmpp.example.com and example.com. . Note: pki csr will automatically append the CN
to the SAN list if a SAN list exists.
xmpp.example.com, the CN should be xmpp.example.com and within the SAN list you must
add xmpp.example.com and example.com. . Note: pki csr will automatically append the CN
to the SAN list if a SAN list exists.
pki csr xmppserver CN:xmpp.example.com O:”Example Inc.”
subjectAltName:example.com
subjectAltName:example.com
or using the wildcard:
pki csr xmppserver CN:*.example.com O:”Example Inc.”
subjectAltName:example.com
subjectAltName:example.com
generates two files: xmppserver.key and xmppserver.csr, for the XMPP server in domain
example.com. Submit the .csr file to a public CA for signing, see
example.com. Submit the .csr file to a public CA for signing, see
. The files can be
immediately retrieved from the Meeting Server by using SFTP.
provides details on uploading certificates for XMPP servers.
3.1.3 CSR for the TURN server
If you plan to use TLS on a TURN server, then the TURN server will require a certificate/key pair
similar to that created for the Web Bridge, so that WebRTC clients trusts the connection. The
certificate should be signed by the same Certificate Authority as used for the Web Bridge
certificate.
similar to that created for the Web Bridge, so that WebRTC clients trusts the connection. The
certificate should be signed by the same Certificate Authority as used for the Web Bridge
certificate.
For example:
pki csr turnserver CN:www.example.com O:”Example Inc.”
The example will generate two files: turn.key and turn.csr. The files can be immediately retrieved
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
from the Meeting Server by using SFTP. Submit the .csr file to a public CA for signing, see
provides details on uploading certificates for TURN servers.
3.2 Signing the CSR using a public Certificate Authority
Refer to
for a list of public CA signed certificates required for the Meeting Server.
To obtain a public CA signed certificate, send the generated .csr file to your preferred
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
Certificate Authority, for example Verisign. The CA will verify your identity and issue a signed
certificate. The certificate file will have a .pem, .cer or .crt extension.
provides a brief
overview of file extensions used for certificate files.
Before transferring the signed certificate and the private key to the Meeting Server, check the
certificate file. If the CA has issued you a chain of certificates, you will need to extract the
certificate from the chain. Open the certificate file and copy the specific certificate text including
certificate file. If the CA has issued you a chain of certificates, you will need to extract the
certificate from the chain. Open the certificate file and copy the specific certificate text including
3 Obtaining certificates