Guest

Preview Tool

Cisco Bug: CSCum98717 - SSL configuration should be splited for internal and external components

Last Modified

Nov 11, 2016

Products (1)

  • Cisco Webex Meetings Server

Known Affected Releases

1.5

Description (partial)

Symptom:
Currently, in CWMS, you can upload only a single SSL cert with Subject Alternative Names for all components in the deployment. This requires customers to purchase SAN SSL certs for the entire solution. The alternative is to use wildcard certs, but many customers prefer not to due to administrative complications if the cert needs to be replaced.
Customers would like to see a possibility in CWMS to import publicly signed SSL certs for IRP servers (externally facing servers), while being able to separately import internally generated, self-signed certs for internal components.

Conditions:
CWMS
In November 2015, Public CA will stop supporting internal domains, and they already stopped issuing SSL certs for FQDNs including internal domains. Since CWMS uses SAN SSL certs, if the solution is deployed with internal domains (e.g. .internal, .lan, .local), Public CA won't issue a SSL cert, and the system won't be possible to use.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.