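Ad-hoc is a commonly used conference type that makes it simple and convenient to set up conferences with three or more parties. This article describes how to use CMS as the conference bridge resource for ad-hoc conferences. It uses CUCM 11.5 SU1 and CMS 2.3.3 as the lab example; adapt the configuration to your own environment.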

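Note
CUCM versions before 11.5 SU3 use TLS 1.0, while CMS 2.3+ uses TLS 1.2. When integrating a CUCM version earlier than 11.5 SU3 with CMS 2.3+, the TLS version on CMS must be changed. Use the following commands, which set the minimum TLS version for the Web Admin and SIP services to 1.0:
CMS commands: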

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

The configuration steps are:

  1. Certificate configuration
  2. CMS configuration
  3. CUCM configuration
  4. Testing

  1. Certificate configuration
    For ad-hoc conferencing, CUCM and CMS must trust each other's certificates, so the following certificates have to be requested (from a CA or with OpenSSL).
    (1) Certificates required on the CUCM side:
    A. Download the root certificate from the CA or OpenSSL, as shown in the figure below with a CA as the example:

    B. Upload the root certificate to CallManager-trust
    Log in to CUCM > Cisco Unified OS Administration > Security > Certificate Management, click Upload Certificate/Certificate Chain, fill in the following parameters, and click Upload.
    Certificate Purpose: CallManager-trust
    Description (friendly name): CUCM trust ROOTCA from CA
    Upload File: rootca.cer (locate the root CA file according to your own naming)

    C. Request a CallManager certificate for CUCM and upload it to CallManager
    1). Generate the CSR:
    Generate Certificate Signing Request
        Certificate Purpose: CallManager
        Distribution: keep the default
        Common Name: keep the default
    Subject Alternate Names (SANs)
        Parent Domain: cms.bv.lab (domain name)
        Key Type: RSA
        Key Length: keep the default (2048)
        Hash Algorithm: keep the default (SHA256)



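    2). Download the generated CSR
    3). Generate the certificate (.cer)
    Log in to the CA at http://10.79.246.137/certsrv -> Request a certificate -> advanced certificate request, then click Submit.

    4). Upload the certificate to CUCM CallManager
    Log in to CUCM > Cisco Unified OS Administration > Security > Certificate Management, click Upload Certificate/Certificate Chain, fill in the following parameters, and click Upload.

(2) CMS-side certificates
A. Generate the CSR and download cmsa.csr. CN: the domain name; subjectAltName: all domain names and addresses in the CMS cluster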

pki csr cmsa CN:cms.bv.lab subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185
pki list
User supplied certificates and keys:
cmsa.key
cmsa.csr
B. Generate the certificate (.cer)
Log in to the CA at http://10.79.246.137/certsrv -> Request a certificate -> advanced certificate request, then click Submit.
C. Upload the root certificate and the CMS certificate
pki list
User supplied certificates and keys:
cmsa.cer
rootca.cer

  2. CMS configuration
    A. Configure callbridge
    cmsa> callbridge
    Listening interfaces : a
    Preferred interface : none
    Key file : cmsa.key
    Certificate file : cmsa.cer
    Address : none
    CA Bundle file : rootca.cer
    B. Configure webadmin
    cmsa> webadmin
    Enabled : true
    TLS listening interface : a
    TLS listening port : 8443
    Key file : cmsa.key
    Certificate file : cmsa.cer
    CA Bundle file : rootca.cer
    HTTP redirect : Disabled
    STATUS : webadmin running
    C. Configure incoming calls
  3. CUCM configuration
    A. Upload the CMS webadmin certificate to CallManager-trust
    B. Add a trunk
    C. SIP profile
    Use Fully Qualified Domain Name in SIP Requests: required
    Conference Join Enabled: required
    Deliver Conference Bridge Identifier: required
    Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)": optional
    Allow Presentation Sharing using BFCP: optional
    Allow iX Application Media: optional
    Allow multiple codecs in answer SDP: optional
    D. Add the conference bridge. The HTTP port is the port used to log in to CMS webadmin. (Note: on CUCM versions below 11.5 SU3, the conference bridge type can only be "Cisco TelePresence Conductor"; on CUCM 11.5 SU3 and above, "Cisco Meeting Server" can be selected.)
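
The steps above depend on several values agreeing with each other: the CSR's subjectAltName must list every cluster name and address, the callbridge and webadmin services must point at files that appear in `pki list`, the CUCM conference bridge HTTP port must equal the webadmin TLS port, and the TLS 1.0 floor is only needed for CUCM before 11.5 SU3. The following Python script is an added example, not part of the original article and not Cisco tooling; it cross-checks those values using the article's lab output as input. The function names and the CUCM-side arguments (HTTP port, version flag) are assumptions supplied by the operator.

```python
import re

def parse_status(text):
    """Parse 'Key : value' lines as printed by the MMP callbridge/webadmin commands."""
    pairs = (line.partition(" : ") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def csr_sans(command):
    """Return the subjectAltName entries of a 'pki csr' command line as a set."""
    m = re.search(r"subjectAltName:(\S+)", command)
    return set(m.group(1).split(",")) if m else set()

def audit(csr_cmd, pki_files, services, nodes, cucm_http_port, min_tls, cucm_pre_su3):
    """Return a list of inconsistencies; an empty list means the values agree."""
    findings = []
    missing = sorted(set(nodes) - csr_sans(csr_cmd))
    if missing:
        findings.append("SAN lacks cluster entries: " + ", ".join(missing))
    for name, output in services.items():
        status = parse_status(output)
        for field in ("Key file", "Certificate file", "CA Bundle file"):
            value = status.get(field, "none")
            if value == "none" or value not in pki_files:
                findings.append(f"{name}: {field} '{value}' is unset or not in pki list")
        port = status.get("TLS listening port")
        if port and int(port) != cucm_http_port:
            findings.append(f"{name}: listens on {port}, CUCM bridge uses {cucm_http_port}")
    # Per the article, the TLS 1.0 floor is only needed for CUCM before 11.5 SU3.
    if tuple(map(int, min_tls.split("."))) < (1, 2) and not cucm_pre_su3:
        findings.append(f"min-tls-version {min_tls} is not needed for CUCM 11.5 SU3 or later")
    return findings

# Inputs copied from the article's lab output (trimmed to the fields checked).
CSR_CMD = ("pki csr cmsa CN:cms.bv.lab subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,"
           "cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185")
PKI_FILES = {"cmsa.key", "cmsa.csr", "cmsa.cer", "rootca.cer"}
SERVICES = {
    "callbridge": "Key file : cmsa.key\nCertificate file : cmsa.cer\nCA Bundle file : rootca.cer",
    "webadmin": "TLS listening port : 8443\nKey file : cmsa.key\n"
                "Certificate file : cmsa.cer\nCA Bundle file : rootca.cer",
}
NODES = ["cmsa.cms.bv.lab", "cmsb.cms.bv.lab", "cmsc.cms.bv.lab",
         "10.79.246.177", "10.79.246.178", "10.79.246.185"]

if __name__ == "__main__":
    # 8443 as the CUCM-side HTTP port and the pre-SU3 flag are operator-supplied assumptions.
    for finding in audit(CSR_CMD, PKI_FILES, SERVICES, NODES, 8443, "1.0", True) or ["no findings"]:
        print(finding)
```
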

Cisco Official link for certificate: https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/213820-configure-cisco-meeting-server-and-cucm.html