註意
CUCM11.5 SU3之前的版本，使用的是TLS 1.0版本，CMS2.3+使用的是TLS1.2版本，如果CUCM11.5 SU3 之前版本與CMS2.3+進行集成，需要修改CMS TLS的版本信息，請參考一下命令：
CMS Command:

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

以下為配置流程：

1. 證書相關配置
2. CMS相關配置
3. CUCM相關配置
4. 測試

1. 證書相關配置
   CUCM 與CMS實現AD-HOC必須要實現證書的相互信任，因此需要以下證書申請（CA或OpenSSL）
   (1) CUCM側所需證書：
   A. 從CA或OpenSSL下載根證書，如下圖所示以CA為例：
   

   B. 上傳根證書到callmanger-trust
   登陸CUCM>Cisco Unified OS Administration>Security>Certificate Management 點擊Upload Certificate/Certificate Chain，填寫一下參數，點擊upload。
   

   Certificate PurposeRequired Field： CallManager-trust
   Description(friendly name) ：CUCM trust ROOTCA from CA
   Upload File： rootca.cer(根據自己的命名找到對應的rootca)
   

    C. CUCM申請callmanager證書並上傳到Callmanager
    1). 申請CSR,
   Generate Certificate Signing Request 
           Certificate PurposeRequired FieldRequired Field: CallManager
           DistributionRequired Field:默認即可
           Common NameRequired Field:默認即可
   Subject Alternate Names (SANs)
            Parent Domain: cms.bv.lab(域名)
            Key TypeRequired FieldRequired Field   RSA 
            Key LengthRequired Field: 默認即可（2048）
            Hash AlgorithmRequired Field: 默認即可（SHA256）
    
   

   
   
   2).下載生成的CSR
   3). 生成cer
   登陸CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，點擊submit
   
   4). 上傳證書到CUCM callmanager
   登陸CUCM>Cisco Unified OS Administration>Security>Certificate Management 點擊Upload Certificate/Certificate Chain，填寫一下參數，點擊upload。
   

(2) CMS側證書
A. 生成CSR，並下載cama.csr. CN：域名 subjectAltName: CMS cluster中的所有域名和地址

pki csr cmsa CN:cms.bv.lab subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185
pki list
User supplied certificates and keys:
cmsa.key
cmsa.csr
B. 生成Cer
登陸CA http://10.79.246.137/certsrv—>Request a certificate->advanced certificate request，點擊submit
C.上傳根證書和CMS證書
pki list
User supplied certificates and keys:
cmsa.cer
rootca.cer

2. CMS相關配置
   A. 配置callbridge
   cmsa> callbridge
   Listening interfaces : a
   Preferred interface : none
   Key file : cmsa.key
   Certificate file : cmsa.cer
   Address : none
   CA Bundle file : rootca.cer
   B: 配置webadmin
   cmsa> webadmin
   Enabled : true
   TLS listening interface : a
   TLS listening port : 8443
   Key file : cmsa.key
   Certificate file : cmsa.cer
   CA Bundle file : rootca.cer
   HTTP redirect : Disabled
   STATUS : webadmin running
   C: 配置incoming call
   

3. CUCM相關配置
   A：上傳CMS webadmin證書到callmanager-trust
   B: 添加trunk
   C: SIP profile
   Use Fully Qualified Domain Name in SIP Requests 必選
   Conference Join Enabled 必選
   Deliver Conference Bridge Identifier 必選
   Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)" 可選
   Allow Presentation Sharing using BFCP 可選
   Allow iX Application Media 可選
   Allow multiple codecs in answer SDP 可選
   D：添加conference bridge. HTTP port 為CMS webadmin登陸的端口號(Note: CUCM11.5SU3以下版本，conference Bridge type只能選擇“Cisco TelePresene Conductor”, cucm11.5su3以上版本可以選擇"cisco meeting sertver")
   

Cisco CMS Ad-Hoc Conferencing with CUCM