Which two are the requirements of database cluster client and server certificates when configuring database clustering on Cisco Meeting Servers? (Choose two.)
A. The CN of the database cluster server certificate must include the domain name of the Call Bridge
B. The CN of the database cluster server certificate must include the hostname of the Call Bridge
C. The CN of a database cluster client certificate must include the Call Bridge server name
D. The CN of a database cluster client certificate must include the “postgres” keyword
E. The CN of the database cluster server certificate must include the FQDN of the Call Bridge
F. The CN of a database cluster client certificate must include the domain name of the Call Bridge
D & F
https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/210530-configure-cisco-meeting-server-call-brid.html
Configure
There are two types of certificates for the DB clustering:
1. Client: The client certificate, as the name sugest, is used by the DB clients to connect to the DB server (Master). This certificate must contain the string, postgres, in its Common Name (CN) field.
2. Server: The server certificate, as the name sugest, is used by the DB server to connect to the postgres DB.
Part 1. Certificate Creation
1. Connect with a Secure Shell (SSH) with the admin credentials to the server MMP.
2. Generate Certificate Signing Request (CSR):
a. For the databasecluster client certificate:
pki csr CN:postgres
For example: pki csr databasecluster_client CN:postgres
b. For the databasecluster server certificate:
pki csr CN:
For example: pki csr databasecluster_server CN:vngtpres.aca
3. Send the CSRs to your Cettificate autority (CA) to have them signed. Ensure that the CA provides you with the Root CA (and any intermediate CA) certificates.
4. Upload the signed certificates, Root CA (and any intermediate CA) certificates onto all the DB nodes using an Secure File Transfer Protocol (SFTP) client (for example WinSCP).
Note: The CN for Part A must be postgres and Part B can be the domain name of the call bridge, no Subject Alternate Name (SAN) entries are required.
A & D (F is database cluster client, A is database cluster server)
D,E
For the database clustering:
1. Create a private key and Certificate Request File for the database server. You can use the
same certificate on all of the servers in the database cluster; specify the FQDN of one of the
servers in the CN field and specify the FQDN of the other servers in the SAN field. If using
“Extended Key Usage”, ensure “Server Authentication” is allowed for the database server.
For example:
pki csr db01server CN:www.example.com
generates a CSR file named db01server.csr and private key named db01server.key.
2. Create a private key and Certificate Request File for the database client. The CommonName
(CN) for a database client must equal ‘postgres’. If using “Extended Key Usage”, ensure
“Client Authentication” is allowed for the database client.
For example:
pki csr db01client CN:postgres
https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscoMeetingServer/Deployment_Guide/Version-2-5/Certificate-Guidelines-Scalable-and-Resilient-Deployment-2-5.pdf