Cisco Unified MeetingPlace - WebEx Certificate Upgrade

From DocWiki

Jump to: navigation, search

Contents

Introduction

Cisco has determined that patches related to security certificate needs to be installed by MeetingPlace customers in order for normal operation of WebEx/MeetingPlace conferencing system. Failure to install the patch will result in service outage and disruption.
Please reference the readme file for each hotfix for specific install directions and details.


Overview for Instructions to Download & Install the Hotfix


Determining the Version for MeetingPlace

  • Determine MeetingPlace version:
  1. Log into the Cisco Unified MeetingPlace Administration Center web interface of a MeetingPlace Application Server
  2. On the bottom left above the copyright information should show the full version
    • For Example: Version: 8.5.4.18
  • Alternate method
  1. SSH into the MeetingPlace Application Server
  2. The SSH session will prompt you for a username. The username to MeetingPlace will always be “mpxadmin”
    • The password for the mpxadmin account would have been configured at the installation of the system.
  3. Enter the command 'swstatus'
  4. Check the version number next to Conference server
    • For Example: Conference server 8.5.4.14
    • Note that due to different hotfixes, this version number may not match up exactly what is shown on the web interface of the Application Server


Determining the Deployment Type for MeetingPlace

Deployment Types applicable for these patches will be either WebEx Scheduling or MeetingPlace Scheduling


Release 8.5

  1. Log into the Cisco Unified MeetingPlace Administration Center web interface of a MeetingPlace Application Server
  2. On the Home page, in the middle of the page, review the setting for "Deployment Type:"
    • "Deployment Type: MeetingPlace/WebEx with WebEx Scheduling" will indicate a WebEx Scheduling Deployment
    • "Deployment Type: MeetingPlace/WebEx with MeetingPlace Scheduling" will indicate a MeetingPlace Scheduling Deployment
    • "Deployment Type: MeetingPlace Audio Only with MeetingPlace Scheduling" will indicate an Audio Only Deployment and you will not need to install any of the list patches on this page


Release 8.0 and 7.x

  1. Log into the Cisco Unified MeetingPlace Administration Center web interface of a MeetingPlace Application Server
  2. From the Home page, click on System Configuration, then Cisco WebEx Configuration, and then Cisco WebEx Site and Server
  3. On the Cisco WebEx Site and Server page, review the setting for "Conference scheduling"
    • "Schedule and join from Cisco WebEx" will indicate a WebEx Scheduling Deployment
    • "Schedule and join from Cisco Unified MeetingPlace" will indicate a MeetingPlace Scheduling Deployment
    • "Audio/video only - schedule from Cisco Unified MeetingPlace" will indicate an Audio Only Deployment and you will not need to install any of the list patches on this page


WebEx Scheduling Deployments

  • From the download page, navigate to your MeetingPlace version (such as 8.0 or 8.5), then Unified MeetingPlace Application server, then select your current version using the All Releases dropdown on the left.
    • The hotfix consists of two files, named on the download page as Cisco Unified MeetingPlace Application Server Release version Update Cert Trust Store and Cisco Unified MeetingPlace Application Server Release version Cert Registration.
    • Downloading those files results in two .bin files named MP_HF_Update_Certs version.bin and version _hotfix_Multinode_Admin_ConfMan.bin respectively.
    • There is also a readme detailing specifically how to apply and verify these two patches. It is named Cisco Unified MeetingPlace Application Server Release version Certificate Patch Readme.



MeetingPlace Scheduling Deployments

  • NOTE: MeetingPlace Scheduling Deployments instructions only apply to WebEx integrated deployments where scheduling is done on either an internal MeetingPlace Web Server or from a MeetingPlace Outlook Plug-in labeled with "MeetingPlace".
    • If scheduling is done via WebEx Productivity Tools or the WebEx site (companyname.webex.com) then the following does not apply.


  • In addition to the patches described above, a hotfix must be applied to the MeetingPlace Web Server in MeetingPlace Scheduling deployments.
    • From the above download page, navigate to Cisco Unified MeetingPlace Web Conferencing, then select your current version using the All Releases dropdown on the left.
    • The hotfix consists of a file names on the download page as Cisco Unified MeetingPlace Web Conferencing Release version Certificate Patch.
    • There is also a readme detailing specifically how to apply this patch. By hovering over the name of the patch, a separate window with a Readme link will appear.


Determining the Patch Files to Download

  • In most cases, there will be a WebEx Certificate patch to correspond with the particular version
  • After determining the MeetingPlace version above, use this version number to identify the specific patch to download.
  • All Cisco downloads require a cisco.com (CCO) login ID.


  • MeetingPlace downloads are be available here:

http://www.cisco.com/cisco/software/navigator.html?mdfid=278785523&catid=278875240


MeetingPlace Release 8.5

Release 8.5.5.x (MR3)

  • No Patches Necessary
    • This release already contains all the necessary fixes


Release 8.5.4.x (MR2)

Cisco Unified MeetingPlace Application Server Release 8.5 MR2 Cert Registration
MP85MR2_HF4_MultiNode_85425.bin
Cisco Unified MeetingPlace Application Server Release 8.5 MR2 Update Cert Trust Store
MP_HF_Update_Certs85MR2.bin
Cisco Unified MeetingPlace Application Server Release 8.5 MR2 Certificate Patch Readme file
readme85MR2
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=8.5%284%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 8.5 MR2 Certificate Patch
mpweb-os-certstore-update-1_8_5_4.exe


Release 8.5.3.x (MR1)

Cisco Unified MeetingPlace Application Server Release 8.5 MR1 Cert Registration
MP85MR1_HF5_MultiNode_85335.bin
Cisco Unified MeetingPlace Application Server Release 8.5 MR1 Update Cert Trust Store
MP_HF_Update_Certs85MR1.bin
Cisco Unified MeetingPlace Application Server Release 8.5 MR1 Certificate Patch Readme file
readme85MR1
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=8.5%284%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 8.5 MR1 Certificate Patch
mpweb-os-certstore-update-1_8_5_3.exe


Release 8.5.2.x

Cisco Unified MeetingPlace Application Server Release 8.5.2 Cert Registration
MP852FCS_HF2_MultiNode_852120.bin
Cisco Unified MeetingPlace Application Server Release 8.5.2 Update Cert Trust Store
MP_HF_Update_Certs852FCS.bin
Cisco Unified MeetingPlace Application Server Release 8.5.2 Certificate Patch Readme file
readme852FCS
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=8.5%282%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 8.5.2 Certificate Patch
mpweb-os-certstore-update-1_8_5_2.exe


Release 8.5.1.x

Cisco Unified MeetingPlace Application Server Release 8.5.2
CUMP_AppServerUpgrade_8_5_2_8.bin
  • Upgrade instructions for upgrading from 8.5.1.x to 8.5.2.x are available here:
Upgrading to Cisco Unified MeetingPlace Release 8.5.x


MeetingPlace Release 8.0

Release 8.0.2.x

Cisco Unified MeetingPlace Application Server Release 8.0.2 Cert Registration
MP80MR1_HF3_WEBAPPS_80219.bin
Cisco Unified MeetingPlace Application Server Release 8.0.2 Update Cert Trust Store
MP_HF_Update_Certs80MR1.bin
Cisco Unified MeetingPlace Application Server Release 8.0.2 Certificate Patch Readme file
readme80MR1
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=8.0%282%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 8.0.2 Certificate Patch
mpweb-os-certstore-update-1_8_0_2.exe


Release 8.0.1.x

Cisco Unified MeetingPlace Application Server Release 8.0.1 Patch 1 Cert Registration
MP80_HF5_WEBAPPS_801242.bin
Cisco Unified MeetingPlace Application Server Release 8.0.1 Patch 1 Update Cert Trust Store
MP_HF_Update_Certs80patch.bin
Cisco Unified MeetingPlace Application Server Release 8.0.1 Patch 1 Certificate Patch Readme file
readme80patch
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=8.0%281%29_SR1&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 8.0.1 Patch 1 Certificate Patch
mpweb-os-certstore-update-1_8_0_1_SR1.exe


  • If you are below Release 8.0.1.229 (such as Release 8.0.1.3)
    • You will first need to apply Release 8.0.1 Patch 1 (8.0.1.229)
Q: The MeetingPlace 8.0 Certificate Patch for Application Server (8.0.1.241) states the following "Dependencies: Initial 8.0.1.X installation required (8.0patch)".
What versioning is required in order to apply this particular HF?
  • A: This hotfix requires that the MP application server be on 8.0 patch 1 (8.0.1.229). Any version lower than this will first have to upgrade to 8.0 Patch 1 (or SR1), the base install version 8.0.1.3 is a lower version than 8.0 Patch1. There is no Certificate Patch available to be applied directly on the original install version of 8.0.1.3.
1. Verify that you are on a lower version than 8.0 Patch 1 by running the following command from the command line interface, you will see the following output if you are on 8.0 Patch 1:
swstatus (on the active or single server)
-----------------------------------------
Conference server 8.0.1.229
2. If you are on a lower version than this (including 8.0.1.3), you must first upgrade to 8.0 Patch 1 (mp_8.0.patch1-appserver.229.tgz) before applying the certificate hotfixes on the Application Server
3. Instructions for that patch are linked in the details for this download:
mp_8.0.patch1-appserver.229.README.txt
Both files are available here:
http://www.cisco.com/cisco/software/release.html?mdfid=282879185&flowid=5383&softwareid=282579354&release=8.0%281%29_SR1
or from Downloads Home > Products > Video > Videoconferencing > Cisco Unified MeetingPlace > Cisco Unified MeetingPlace 8.0 > Unified MeetingPlace Application Server-8.0(1)_SR1


MeetingPlace Release 7.x

Release 7.1.2.x

Cisco Unified MeetingPlace Application Server Release 7.1 MR1 Cert Registration
7_1_2_8_hotfix_Admin_ConfMan.bin
Cisco Unified MeetingPlace Application Server Release 7.1 MR1 Update Cert Trust Store
MP_HF_Update_Certs71MR1.bin
Cisco Unified MeetingPlace Application Server Release 7.1 MR1 Certificate Patch Readme file
readme71MR1
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=7.1%282%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 7.1 MR1 Certificate Patch
mpweb-os-certstore-update-1_7_1_2.exe


Release 7.1.1.x

Cisco Unified MeetingPlace Application Server Release 7.1 Cert Registration
7_1_1_1033_hotfix_Admin_ConfMan.bin
Cisco Unified MeetingPlace Application Server Release 7.1 Update Cert Trust Store
MP_HF_Update_Certs71HF.bin
Cisco Unified MeetingPlace Application Server Release 7.1 Certificate Patch Readme file
readme71HF
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=7.1%281%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 7.1 Certificate Patch
mpweb-os-certstore-update-1_7_1_1.exe


Release 7.0.3.x

Cisco Unified MeetingPlace Application Server Release 7.0.3 Cert Registration
7_0_3_40_hotfix_Admin_ConfMan.bin
Cisco Unified MeetingPlace Application Server Release 7.0.3 Update Cert Trust Store
MP_HF_Update_Certs70MR2.bin
Cisco Unified MeetingPlace Application Server Release 7.0.3 Certificate Patch Readme file
readme70MR2
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=7.0%283%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 7.0.3 Certificate Patch
mpweb-os-certstore-update-1_7_0_3.exe


Release 7.0.2.x

Cisco Unified MeetingPlace Application Server Release 7.0.2 Cert Registration
7_0_2_99_hotfix_Admin_ConfMan.bin
Cisco Unified MeetingPlace Application Server Release 7.0.2 Update Cert Trust Store
MP_HF_Update_Certs70MR1.bin
Cisco Unified MeetingPlace Application Server Release 7.0.2 Certificate Patch Readme file
readme70MR1
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=7.0%282%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 7.0.2 Certificate Patch
mpweb-os-certstore-update-1_7_0_2.exe


Release 7.0.1.x

Cisco Unified MeetingPlace Application Server Release 7.0.1 Cert Registration
7_0_1_8_hotfix_admin_confman.bin
Cisco Unified MeetingPlace Application Server Release 7.0.1 Update Cert Trust Store
MP_HF_Update_Certs70FCS.bin
Cisco Unified MeetingPlace Application Server Release 7.0.1 Certificate Patch Readme file
readme70FCS
http://www.cisco.com/cisco/software/release.html?mdfid=278816725&release=7.0%281%29&relind=AVAILABLE&flowid=5362&softwareid=282074274&rellifecycle=&reltype=latest
Cisco Unified MeetingPlace Web Conferencing Release 7.0.1 Certificate Patch
mpweb-os-certstore-update-1_7_0_1.exe

Installation Instructions

All installation instructions are included in the readme files (such as "readme85MR2" or "readme80MR1") downloaded along with the patch files

  1. Open this readme file in a program such as WordPad
  2. Make sure to follow each step within the readme file


  • In most cases patching an Application Server will include two files, a "Cert Registration" patch file and an "Update Cert Trust Store" patch file
    • The readme file includes instructions for both files


  • For MeetingPlace Release 8.5 with Multinode Topologies
Node needs to be put in Maintenance Mode before installing patch.
For multi-node deployment install patch on each node starting with leaf nodes and root-without-leaf nodes.
Patch can be installed on root node only after its leaf nodes. Patch should be installed on secondary MBD just before the Primary MBD.
Primary MBD node should be the last node where patch is installed.


FAQ

This section provides information about commonly encountered issues and how to resolve them.


Q: I am receiving a message indicating that my account does not have permissions to download the software. How can the software be downloaded?

  • A: If you experience entitlement issues downloading software with your CCO account, please attach a contract with software download using the Cisco Service Contract Center at http://www.cisco.com/web/services/ordering/cscc/index.html . If you need assistance with this tool, please open a case with the Cisco Service Support Center at http://www.cisco.com/web/siteassets/contacts/international.html and select your country for a local assistance phone number. Based on your contract number, they will be able to assist you. If you have questions about your contract, please reach out to your Cisco Sales contact or Cisco Account team for assistance. Alternately, use another cisco.com ID that has these permissions.


Q: I cannot open the readme file that I downloaded with the patch.

  • A: The Readme file may not have a file extension, but it is a plain text file. You should be able to open this in a program such as WordPad.
    • Note: If you open this in Notepad, the line breaks may not show correctly.


Q: I am continuing to receive notifications that I still need to apply the security patch on the MeetingPlace servers, but I have already done so.

  • A: If the patches were applied within a day or two before receiving the notification, it is possible that we have missed this but you will not receive further notifications. If you have received multiple notifications since applying the patches, the process may not be complete yet. Please verify that the hotfixes were applied successfully as described in the readme files and later on this page (under Install Verification). If this has been completed, please schedule a downtime and run the following process on the Active Application server (or Meeting Director):

1. SSH to the MP Application server as user mpxadmin
2. Enter 'su', you will be prompted to enter the root password
3. '/etc/init.d/mpx_webx restart'

The WebEx adapter service will restart and reconnect to WebEx. The restart will occur quickly but full restoration of service may take 15 minutes.


Q: How do I put my server into Maintenance Mode?


Q: What will happen when the WebEx Certificate is updated within the WebEx cloud? Will the TSP connections be disconnected at that time?

  • A: When the certificate is exchanged on the WebEx side, current connections will not be disconnected. The updated certificate is used for initial connections or future reconnections to the WebEx cloud. The MeetingPlace system will require the MeetingPlace certificate hotfix in order to reconnect to the TSPs in the WebEx cloud after the WebEx certificate has been updated.



If your deployment is on release 8.0.1.3, please note the following:


Q: The MeetingPlace 8.0 Certificate Patch for Application Server (8.0.1.241) states the following "Dependencies: Initial 8.0.1.X installation required (8.0patch)". What versioning is required in order to apply this particular HF?

  • A: This hotfix requires that the MP application server be on 8.0 patch 1 (8.0.1.229). Any version lower than this will first have to upgrade to 8.0 Patch 1 (Or SR1), the base install version 8.0.1.3 is a lower version than 8.0 Patch1. There is no Certificate Patch available to be applied directly on the original install version of 8.0.1.3.

1. Verify that you are on a lower version than 8.0 Patch 1 by running the following command from the command line interface, you will see the following output if you are on 8.0 Patch 1:

swstatus (on the active or single server)
-----------------------------------------
Conference server 8.0.1.229

2. If you are on a lower version than this (including 8.0.1.3), first upgrade to 8.0 patch 1 (mp_8.0.patch1-appserver.229.tgz) before applying the certificate hotfixes on the Application Server

3. Instructions for that patch are linked in the details for this download: mp_8.0.patch1-appserver.229.README.txt Both files are available at Downloads Home > Products > Video > Videoconferencing > Cisco Unified MeetingPlace > Cisco Unified MeetingPlace 8.0 > Unified MeetingPlace Application Server-8.0(1)_SR1


Install Verification

This section provides information you can use to confirm your Certificate update was successful after the installs have been completed.


MeetingPlace Application Server (Used in all WebEx integrated deployments versions 7.x and above):

1. SSH to the MeetingPlace Application server using the 'mpxadmin' credentials.

2. Enter the following command to become root user, enter the root password when prompted:

$su -

3. Enter the following three commands:

# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -trustcacerts -noprompt | grep cisco2048
# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -trustcacerts -noprompt | grep dstrootcax3
# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -trustcacerts -noprompt | grep verisigncag5

4. Expected output:

cisco2048, Month dd, yyyy, trustedCertEntry
dstrootcax3, Month dd, yyyy, trustedCertEntry
verisigncag5, Month dd, yyyy, trustedCertEntry


The month and year in this output will be date when you applied the certificate hotfix.
If there is no output for any of these commands, the certificates were not installed successfully. Run the hotfix again.


5. Login to the MeetingPlace Administration page (on each Application server in the deployment) using the default 'admin' account or other account with System administrator privileges.

6. The current version will be noted on this page. It should match the versioning shown in the readme for the hotfix used.



MeetingPlace Web Server (Used in MeetingPlace Scheduling deployments and 6.x systems):

1. Start Certificates MMC snap-in by running certmgr.msc command from command-line.

2. In the left pane, expand Trusted Root Certification Authorities container and select Certificates store. You should be able to see the following certificates: Cisco Root 2048, VeriSign Class 3 Public Primary Certification Authority - G5, and DST Root CA X3
3. In the left pane, expand Third-Party Root Certification Authorities container and select Certificates store. You should be able to see the following certificates: Cisco Root 2048, VeriSign Class 3 Public Primary Certification Authority - G5, and DST Root CA X3



Rating: 5.0/5 (4 votes cast)

Personal tools