для Cisco Cisco Meeting Server 1000
Cisco Meeting Server Release 2.0 : Certificate Guidelines for Scalable and Resilient Deployments
33
i. Combine all of their certificates into one bundle of trusted certificates, in one of the
following ways:
o
Linux or UNIX-like Operating Systems:
cat cert1.crt cert2.crt cert3.crt >
combinedcallbridgecerts.crt
combinedcallbridgecerts.crt
o
Windows or DOS:
copy cert1.crt + cert2.crt + cert3.crt
combinedcallbridgecert.crt
combinedcallbridgecert.crt
o
Manually combine the certificates using Notepad or Notepad++. There must be no
spaces on the first certificate’s “END CERTIFICATE” line and the second (and further
certificate’s) “BEGIN CERTIFICATE” line, but there MUST be a carriage return at the
end of the file. They MUST also be in Base64 encoded format.
spaces on the first certificate’s “END CERTIFICATE” line and the second (and further
certificate’s) “BEGIN CERTIFICATE” line, but there MUST be a carriage return at the
end of the file. They MUST also be in Base64 encoded format.
ii. Then deploy that certificate bundle on each Web Bridge with the command:
webbridge trust combinedcallbridgecert.crt
4. Re-enable the Web Bridge
5. To verify that the Web Bridge has the Call Bridge certificate in its trust store:
cms>
webbridge
Enabled : true
Interface whitelist : a:443
Key file : webbridge.key
Certificate file : webbridge.crt
Trust bundle : callbridge.crt
HTTP redirect : Enabled
Interface whitelist : a:443
Key file : webbridge.key
Certificate file : webbridge.crt
Trust bundle : callbridge.crt
HTTP redirect : Enabled
4.8 Installing the Certificates and Private Keys for database clustering
CAUTION:
These instructions can only be run on a disabled database cluster. If you have already
set up a database cluster you must run the database cluster remove command on every
server in the cluster, then run the commands in this section before re-creating the cluster.
server in the cluster, then run the commands in this section before re-creating the cluster.
The certificate for the database client must have CN set to “postgres”. You can check that
certificate is suitable using the pki inspect command. For example:
certificate is suitable using the pki inspect command. For example:
cms>
pki inspect dbclient.crt
Checking ssh public keys...not found
Checking user configured certificates and keys...found
File contains a PEM encoded certificate
Certificate:
Checking user configured certificates and keys...found
File contains a PEM encoded certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Serial Number:
58:00:00:00:1c:3b:92:8a:95:d2:21:89:58:00:00:00:00:00:1c
4 Installing signed certificates and private keys on the Meeting Server