Cisco Cisco Meeting Server 2000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Single Combined Deployments
15
Attribute
Description
Optional/Required
ST
Province,
Region,
County or
State
Region,
County or
State
For example, Buckinghamshire California. Do not abbreviate.
Use “” around the attribute if more than one word, e.g. New
Jersey”
Use “” around the attribute if more than one word, e.g. New
Jersey”
Optional
C
Country
The two-letter ISO code for the country where your
organization is located. For example, US, GB, FR.
organization is located. For example, US, GB, FR.
Optional
An email address
An email address to contact the organization. Usually the email
address of the certificate administrator or IT department.
address of the certificate administrator or IT department.
Optional
SAN
Subject
Alternative
Name
Alternative
Name
From X509 Version 3 (RFC 2459), SSL certificates are allowed
to specify multiple names that the certificate should match.
This field enables the generated certificate to cover multiple
domains. It can contain IP addresses, domain names, email
addresses, regular DNS host names, etc, separated by commas.
If you specify this list you must also include the CN in this list.
Although this is an optional field, the SAN field must be
completed in order for XMPP clients to accept a certificate,
otherwise the XMPP clients will display a certificate error.
to specify multiple names that the certificate should match.
This field enables the generated certificate to cover multiple
domains. It can contain IP addresses, domain names, email
addresses, regular DNS host names, etc, separated by commas.
If you specify this list you must also include the CN in this list.
Although this is an optional field, the SAN field must be
completed in order for XMPP clients to accept a certificate,
otherwise the XMPP clients will display a certificate error.
Required for
XMPP server
certificates or if a
single certificate
is to be used
across multiple
components. See
note below
XMPP server
certificates or if a
single certificate
is to be used
across multiple
components. See
note below
Points to note:
n
If you plan to use a dedicated certificate for the Web Bridge then specify in the CN field, the
FQDN that is defined in the DNS A record for the Web Bridge. Failure to specify the FQDN may
result in browser certificate errors.
FQDN that is defined in the DNS A record for the Web Bridge. Failure to specify the FQDN may
result in browser certificate errors.
n
If you plan to use a dedicated certificate for the XMPP Server then specify in the CN field, the
FQDN that is defined in the DNS SRV record for the XMPP Server. In the subjectAltName
field specify the domain name of the XMPP server and the DNS SRV record for the XMPP
Server
FQDN that is defined in the DNS SRV record for the XMPP Server. In the subjectAltName
field specify the domain name of the XMPP server and the DNS SRV record for the XMPP
Server
n
If you plan to use the same certificate across multiple components, for example the Web
Bridge, XMPP Server, Call Bridge and TURN server, then specify your domain name (DN) in
the CN field, and in the SAN field specify your domain name (DN) and the FQDN for each of
the components that will use the certificate.
Bridge, XMPP Server, Call Bridge and TURN server, then specify your domain name (DN) in
the CN field, and in the SAN field specify your domain name (DN) and the FQDN for each of
the components that will use the certificate.
n
In the SAN field, ensure there are no spaces between the "," delimiter and the items in the list.
For example:
CN=example.com
SAN=
callbridge1.example.com,callbridge2.example.com,callbridge3.example.c
om,xmppserver.example.com,webbridge.example.com,example.com
om,xmppserver.example.com,webbridge.example.com,example.com
If using the pki csr command:
3 Obtaining certificates