Cisco CMS Ad-Hoc Conferencing with CUCM

AD-HOC做为一种经常使用的会议类型，能够很简单、方便的实现三方或更多方会议，接下来将会介绍如何使用CMS做为会议桥资源实现AD-HOC。本文章使用CUCM11.5SU1和CMS2.3.3做为实验案例，请你们根据本身的环境完成相应的配置。

注意
CUCM11.5 SU3以前的版本，使用的是TLS 1.0版本，CMS2.3+使用的是TLS1.2版本，若是CUCM11.5 SU3 以前版本与CMS2.3+进行集成，须要修改CMS TLS的版本信息，请参考一下命令：
CMS Command:

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

如下为配置流程：

1. 证书相关配置
2. CMS相关配置
3. CUCM相关配置
4. 测试

---

1. 证书相关配置
   CUCM 与CMS实现AD-HOC必需要实现证书的相互信任，所以须要如下证书申请（CA或OpenSSL）
   (1) CUCM侧所需证书：
   A. 从CA或OpenSSL下载根证书，以下图所示以CA为例：
   

   B. 上传根证书到callmanger-trust
   登录CUCM>Cisco Unified OS Administration>Security>Certificate Management 点击Upload Certificate/Certificate Chain，填写一下参数，点击upload。
   Certificate PurposeRequired Field： CallManager-trust
   Description(friendly name) ：CUCM trust ROOTCA from CA
   Upload File： rootca.cer(根据本身的命名找到对应的rootca)
   

   C. CUCM申请callmanager证书并上传到Callmanager
    1). 申请CSR,
   Generate Certificate Signing Request 
           Certificate PurposeRequired FieldRequired Field: CallManager
           DistributionRequired Field:默认便可
           Common NameRequired Field:默认便可
   Subject Alternate Names (SANs)
            Parent Domain: cms.bv.lab(域名)
            Key TypeRequired FieldRequired Field   RSA 
            Key LengthRequired Field: 默认便可（2048）
            Hash AlgorithmRequired Field: 默认便可（SHA256）

   
   
   2).下载生成的CSR
   3). 生成cer
   登录CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，点击submit
   
   4). 上传证书到CUCM callmanager
   登录CUCM>Cisco Unified OS Administration>Security>Certificate Management 点击Upload Certificate/Certificate Chain，填写一下参数，点击upload。
   

(2) CMS侧证书
A. 生成CSR，并下载cama.csr. CN：域名 subjectAltName: CMS cluster中的全部域名和地址

pki csr cmsa CN:cms.bv.lab subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185
pki list
User supplied certificates and keys:
cmsa.key
cmsa.csr
B. 生成Cer
登录CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，点击submit
C.上传根证书和CMS证书
pki list
User supplied certificates and keys:
cmsa.cer
rootca.cer

2. CMS相关配置
   A. 配置callbridge
   cmsa> callbridge
   Listening interfaces : a
   Preferred interface : none
   Key file : cmsa.key
   Certificate file : cmsa.cer
   Address : none
   CA Bundle file : rootca.cer
   B: 配置webadmin
   cmsa> webadmin
   Enabled : true
   TLS listening interface : a
   TLS listening port : 8443
   Key file : cmsa.key
   Certificate file : cmsa.cer
   CA Bundle file : rootca.cer
   HTTP redirect : Disabled
   STATUS : webadmin running
   C: 配置incoming call
   

3. CUCM相关配置
   A：上传CMS webadmin证书到callmanager-trust
   B: 添加trunk
   C: SIP profile
   Use Fully Qualified Domain Name in SIP Requests 必选
   Conference Join Enabled 必选
   Deliver Conference Bridge Identifier 必选
   Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)" 可选
   Allow Presentation Sharing using BFCP 可选
   Allow iX Application Media 可选
   Allow multiple codecs in answer SDP 可选
   D：添加conference bridge. HTTP port 为CMS webadmin登录的端口号(Note: CUCM11.5SU3如下版本，conference Bridge type只能选择“Cisco TelePresene Conductor”, cucm11.5su3以上版本能够选择"cisco meeting sertver")
   

Cisco Official link for certificate: https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/213820-configure-cisco-meeting-server-and-cucm.html