Cisco Meeting Server 2.2.7 Single Combined Server and WebRTC over Expressway
This development is done in a single-domain environment.
Certificates in CUCM & IMP
Certificate in CMS
callbridge1.voicelab.ca> pki csr voicelab CN:*.voicelab.ca subjectAltName:*.voicelab.ca,voicelab.ca
Sign it with the ClientServer template
Upload the root cert and the signed cert
How to create CA Bundle
You have the root CA and intermediate CA certs
Create your bundle in this format:
copy intermediateCA2 + intermediateCA1 + ROOTCA.cer yourname-bundle.cer
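The two checks CMS prints when certificates are loaded (key/certificate pair match, certificate verified against the CA bundle), plus a SAN check, can be run offline with OpenSSL before uploading. This is an added example, not part of the original post; it assumes OpenSSL 1.1.0 or later in a POSIX shell, and the function names, file names and the throwaway test chain are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File names, CNs and function
# names are placeholders; the PKI below is a constructed throwaway test chain.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"

# True if the private key and the certificate carry the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey |
        openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256)
    [ "$k" = "$c" ]
}
# True only if the bundle by itself chains the certificate to a self-signed root.
chain_verifies() {     # $1 = CA bundle, $2 = certificate
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}
# True if the certificate's SAN covers the host name (wildcards match one label).
covers_host() {        # $1 = certificate, $2 = host name
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed test PKI: root -> intermediate -> leaf with the SANs from the CSR.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
subjectAltName = DNS:*.voicelab.ca,DNS:voicelab.ca
EOF
for k in root int leaf other; do openssl genrsa -out "$k.key" 2048 2>/dev/null; done
openssl req -x509 -new -config pki.cnf -extensions ca -key root.key \
    -subj "/CN=Lab Root" -days 2 -out root.cer
sign() {               # $1 = name, $2 = issuer, $3 = extension section, $4 = CN
    openssl req -new -config pki.cnf -key "$1.key" -subj "/CN=$4" -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$2.cer" -CAkey "$2.key" -CAcreateserial \
        -extfile pki.cnf -extensions "$3" -days 2 -out "$1.cer" 2>/dev/null
}
sign int root ca "Lab Intermediate"
sign leaf int leaf "*.voicelab.ca"
cat int.cer root.cer > bundle.cer   # order from the post: intermediate, then root

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
report key_matches_cert leaf.key leaf.cer
report chain_verifies bundle.cer leaf.cer
report chain_verifies int.cer leaf.cer      # root missing: expected FAIL
report covers_host leaf.cer join.voicelab.ca
report covers_host leaf.cer a.b.voicelab.ca  # two labels deep: expected FAIL
```

To check real files, call the three functions with the key, signed certificate and bundle exported from your CA instead of the generated ones.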
Activate CMS components
Webadmin
callbridge1.voicelab.ca> webadmin certs voicelab.key voicelab.cer voicelab_root.cer
callbridge1.voicelab.ca> webadmin enable
SUCCESS: TLS interface and port configured
SUCCESS: Key and certificate pair match
SUCCESS: certificate verified against CA bundle
callbridge1.voicelab.ca> webadmin
Enabled : true
TLS listening interface : a
TLS listening port : 445
CallBridge
callbridge1.voicelab.ca> callbridge certs voicelab.key voicelab.cer voicelab_root.cer
callbridge1.voicelab.ca> callbridge restart
SUCCESS: listen interface configured
SUCCESS: Key and certificate pair match
SUCCESS: certificate verified against CA bundle
callbridge1.voicelab.ca> callbridge
Listening interfaces : a
Preferred interface : none
Key file : voicelab.key
Certificate file : voicelab.cer
Address : none
CA Bundle file : voicelab_root.cer
Webbridge
callbridge1.voicelab.ca> webbridge certs voicelab.key voicelab.cer voicelab_root.cer
callbridge1.voicelab.ca> webbridge trust voicelab.cer
callbridge1.voicelab.ca> webbridge enable
SUCCESS: Key and certificate pair match
SUCCESS: certificate verified against CA bundle
SUCCESS: Webbridge enabled
callbridge1.voicelab.ca> webbridge
Enabled : false
Interface whitelist : a:443
Key file : voicelab.key
Certificate file : voicelab.cer
CA Bundle file : voicelab_root.cer
Trust bundle : voicelab.cer <--- callbridge's certificate, otherwise there is no guest login
HTTP redirect : Enabled
Clickonce URL : none
MSI download URL : none
DMG download URL : none
iOS download URL : none
Xmpp
callbridge1.voicelab.ca> xmpp certs voicelab.key voicelab.cer voicelab_root.cer
callbridge1.voicelab.ca> xmpp domain voicelab.ca
callbridge1.voicelab.ca> xmpp callbridge add ca_voicelab
callbridge1.voicelab.ca> xmpp callbridge list
***
Callbridge : ca_voicelab
Domain : voicelab.ca
Secret : 7Ldig3t9WnEo0m3LAb1
Connect to XMPP
Active Directory
Filter to select only users that have a number in the pager field:
(&(objectCategory=Person)(sAMAccountName=*)(ipPhone=*)(mail=*)(pager=*))
CMS SIP Trunk
Route group, List, Pattern
88 is a dialed prefix
Creating spaces
WebRTC through Expressway
Point the public A record join.voicelab.ca to Expressway
Expressway CSRs on both C and E have to be signed with the ClientServer template
Change port number on E
MRA Zone
Enable Meeting Server Web proxy
Enable TURN on Expressway-E
Add WebBridge FQDN onto E certificate SAN
Sign with ClientServer template and upload
Add E as TURN Server for media NAT traversal onto CMS
Add TURN Client user account
Create XMPP SRV in the public DNS
Enable TURN on the single combined server without Expressway
callbridge1.voicelab.ca> turn certs voicelab.key voicelab.cer voicelab_root.cer
callbridge1.voicelab.ca> turn a lo
callbridge1.voicelab.ca> turn tls 447
callbridge1.voicelab.ca> turn credentials turnuser YOURPASSWORD voicelab.ca
callbridge1.voicelab.ca> turn public-ip PUBLIC_IP
callbridge1.voicelab.ca> turn
Enabled : true
Username : turnuser
Password : YOURPASSWORD
Realm : voicelab.ca
Public IP : PUBLIC_IP
Relay address : PRIVATE_IP
TLS port : 447
TLS cert : voicelab.cer
TLS key : voicelab.key
TLS bundle : voicelab_root.cer
Listen interface a
Listen interface lo