Cisco CMS Ad-Hoc Conferencing with CUCM

AD-HOC做爲一種經常使用的會議類型，能夠很簡單、方便的實現三方或更多方會議，接下來將會介紹如何使用CMS做爲會議橋資源實現AD-HOC。本文章使用CUCM11.5SU1和CMS2.3.3做爲實驗案例，請你們根據本身的環境完成相應的配置。

注意
CUCM11.5 SU3以前的版本，使用的是TLS 1.0版本，CMS2.3+使用的是TLS1.2版本，若是CUCM11.5 SU3 以前版本與CMS2.3+進行集成，須要修改CMS TLS的版本信息，請參考一下命令：
CMS Command:

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

如下爲配置流程：

1. 證書相關配置
2. CMS相關配置
3. CUCM相關配置
4. 測試

---

1. 證書相關配置
   CUCM 與CMS實現AD-HOC必需要實現證書的相互信任，所以須要如下證書申請（CA或OpenSSL）
   (1) CUCM側所需證書：
   A. 從CA或OpenSSL下載根證書，以下圖所示以CA爲例：
   

   B. 上傳根證書到callmanger-trust
   登錄CUCM>Cisco Unified OS Administration>Security>Certificate Management 點擊Upload Certificate/Certificate Chain，填寫一下參數，點擊upload。
   Certificate PurposeRequired Field： CallManager-trust
   Description(friendly name) ：CUCM trust ROOTCA from CA
   Upload File： rootca.cer(根據本身的命名找到對應的rootca)
   

   C. CUCM申請callmanager證書並上傳到Callmanager
    1). 申請CSR,
   Generate Certificate Signing Request 
           Certificate PurposeRequired FieldRequired Field: CallManager
           DistributionRequired Field:默認便可
           Common NameRequired Field:默認便可
   Subject Alternate Names (SANs)
            Parent Domain: cms.bv.lab(域名)
            Key TypeRequired FieldRequired Field   RSA 
            Key LengthRequired Field: 默認便可（2048）
            Hash AlgorithmRequired Field: 默認便可（SHA256）

   
   
   2).下載生成的CSR
   3). 生成cer
   登錄CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，點擊submit
   
   4). 上傳證書到CUCM callmanager
   登錄CUCM>Cisco Unified OS Administration>Security>Certificate Management 點擊Upload Certificate/Certificate Chain，填寫一下參數，點擊upload。
   

(2) CMS側證書
A. 生成CSR，並下載cama.csr. CN：域名 subjectAltName: CMS cluster中的全部域名和地址

pki csr cmsa CN:cms.bv.lab subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185
pki list
User supplied certificates and keys:
cmsa.key
cmsa.csr
B. 生成Cer
登錄CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，點擊submit
C.上傳根證書和CMS證書
pki list
User supplied certificates and keys:
cmsa.cer
rootca.cer

2. CMS相關配置
   A. 配置callbridge
   cmsa> callbridge
   Listening interfaces : a
   Preferred interface : none
   Key file : cmsa.key
   Certificate file : cmsa.cer
   Address : none
   CA Bundle file : rootca.cer
   B: 配置webadmin
   cmsa> webadmin
   Enabled : true
   TLS listening interface : a
   TLS listening port : 8443
   Key file : cmsa.key
   Certificate file : cmsa.cer
   CA Bundle file : rootca.cer
   HTTP redirect : Disabled
   STATUS : webadmin running
   C: 配置incoming call
   

3. CUCM相關配置
   A：上傳CMS webadmin證書到callmanager-trust
   B: 添加trunk
   C: SIP profile
   Use Fully Qualified Domain Name in SIP Requests 必選
   Conference Join Enabled 必選
   Deliver Conference Bridge Identifier 必選
   Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)" 可選
   Allow Presentation Sharing using BFCP 可選
   Allow iX Application Media 可選
   Allow multiple codecs in answer SDP 可選
   D：添加conference bridge. HTTP port 爲CMS webadmin登錄的端口號(Note: CUCM11.5SU3如下版本，conference Bridge type只能選擇「Cisco TelePresene Conductor」, cucm11.5su3以上版本能夠選擇"cisco meeting sertver")
   

Cisco Official link for certificate: https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/213820-configure-cisco-meeting-server-and-cucm.html