Cisco Bug: CSCum98717 - SSL configuration should be splited for internal and external components
Nov 11, 2016
- Cisco Webex Meetings Server
Known Affected Releases
Symptom: Currently, in CWMS, you can upload only a single SSL cert with Subject Alternative Names for all components in the deployment. This requires customers to purchase SAN SSL certs for the entire solution. The alternative is to use wildcard certs, but many customers prefer not to due to administrative complications if the cert needs to be replaced. Customers would like to see a possibility in CWMS to import publicly signed SSL certs for IRP servers (externally facing servers), while being able to separately import internally generated, self-signed certs for internal components. Conditions: CWMS In November 2015, Public CA will stop supporting internal domains, and they already stopped issuing SSL certs for FQDNs including internal domains. Since CWMS uses SAN SSL certs, if the solution is deployed with internal domains (e.g. .internal, .lan, .local), Public CA won't issue a SSL cert, and the system won't be possible to use.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases