Cisco Acano X-series
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
36
Com
man
d/
Exam
ples
man
d/
Exam
ples
Description/Notes
continued from previous page
Attributes are:
CN: commonName which should be on the certificate. The commonName should be the DNS
name for the system.
name for the system.
OU: Organizational Unit
O: Organization
O: Organization
L: Locality
ST: State
C: Country
email address
subjectAltName:
Note: Use " " around attributes that are more than one word, e.g.
O:“Example Inc.”
The CSR file can be downloaded by SFTP and given to a certificate authority (CA) to be signed. On
return it must be uploaded via SFTP. It can then be used as a certificate.
return it must be uploaded via SFTP. It can then be used as a certificate.
The pki csr <key/cert basename> [<attribute>:<value>] accepts subjectAltName as an
attribute. IP addresses and domain names are supported for subjectAltName in a comma
separated list.
attribute. IP addresses and domain names are supported for subjectAltName in a comma
separated list.
For example:
pki csr test1 CN:example.exampledemo.com subjectAltName:exampledemo.com
pki csr test1 CN:example.exampledemo.com C:US L:Purcellville O:Example
OU:Support ST:Virginia subjectAltName:exampledemo.com
pki csr test3 CN:example.exampledemo.com C:US L:Purcellville O:Example
OU:Support ST:Virginia
subjectAltName:exampledemo.com,192.168.1.25,xmpp.exampledemo.com,server.exampled
emo.com,join.exampledemo.com,test.exampledemo.com
You can include a wildcard for the CN and subjectAltName. For example:
pki csr test4 CN:*.exampledemo.com C:US L:Purcellville O:Example
subjectAltName:*,exampledemo.com,exampledemo.com
Keep the size of certificates and the number of certificates in the chain to a minimum; otherwise
TLS handshake round trip times will become long.
TLS handshake round trip times will become long.
Appendix C MMP PKI commands