для Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments
23
4 Installing signed certificates and private keys on
the Meeting Server
the Meeting Server
To summarize
, the scalable and resilient Meeting Server deployment requires public
CA signed certificates for:
n
the Web bridge, if Web RTC clients are to be enabled for use by end users. The Web RTC
client requires a public CA signed certificate from the Web Bridge in order to trust the
connection.
client requires a public CA signed certificate from the Web Bridge in order to trust the
connection.
n
the TURN server, if you plan to use TLS connections for secure communication.
n
the XMPP server, if native Cisco Meeting Apps (PC, Mac, iOS) are to be used by end users.
The Native Cisco Meeting Apps require a public CA signed certificate from the XMPP server
in order to trust the connection.
The Native Cisco Meeting Apps require a public CA signed certificate from the XMPP server
in order to trust the connection.
n
the Call Bridge, if direct Lync federation over a public network is required. The Lync Edge
server requires a public CA signed certificate from the Call Bridge in order to trust the
connection.
server requires a public CA signed certificate from the Call Bridge in order to trust the
connection.
And internal CA signed certificates for:
n
the Web Admin. The Meeting Server API is routed through the Web Admin Interface, so a
certificate is required even if you configure the Call Bridge through the API rather than the
Web Admin Interface.
certificate is required even if you configure the Call Bridge through the API rather than the
Web Admin Interface.
n
the Call Bridge. The Web Bridge requires a certificate from the Call Bridge. The Active
Directory Server also requires a certificate from the Call Bridge. In addition, if your
deployment has SIP trunks, then the Call Bridge requires a certificate for mutual
authentication with the SIP call control devices.
Directory Server also requires a certificate from the Call Bridge. In addition, if your
deployment has SIP trunks, then the Call Bridge requires a certificate for mutual
authentication with the SIP call control devices.
n
the Load Balancer, in split server deployments and if native Cisco Meeting Apps (PC, Mac,
iOS) are to be used by end users. The trunk between the Core and Edge server needs to
authenticate (trust) the certificate presented by the Load Balancer. This is part of the mutual
authentication that needs to be set up between the Load Balancer and the trunk so that the
XMPP server trusts the connection. The Load Balancer and the trunk cannot use the same
certificate. Note: the external native Cisco Meeting Apps do not check the Load Balancer
certificate.
iOS) are to be used by end users. The trunk between the Core and Edge server needs to
authenticate (trust) the certificate presented by the Load Balancer. This is part of the mutual
authentication that needs to be set up between the Load Balancer and the trunk so that the
XMPP server trusts the connection. The Load Balancer and the trunk cannot use the same
certificate. Note: the external native Cisco Meeting Apps do not check the Load Balancer
certificate.
n
the Trunk, in split server deployments and if native Cisco Meeting Apps (PC, Mac, iOS) are
to be used by end users. The Load Balancer in the Edge server needs to authenticate (trust)
the certificate presented by the trunk. This is the other part of the mutual authentication that
needs to be set up between the Load Balancer and the trunk. The trunk and the Load
Balancer cannot use the same certificate.
to be used by end users. The Load Balancer in the Edge server needs to authenticate (trust)
the certificate presented by the trunk. This is the other part of the mutual authentication that
needs to be set up between the Load Balancer and the trunk. The trunk and the Load
Balancer cannot use the same certificate.
4 Installing signed certificates and private keys on the Meeting Server