Configuring certificates for on-premise appliances
Note: Starting August 1, 2023, Zoom will require TLS certificates for the Meeting Connector, for a more secure communication method.
When configuring a Meeting Connector or Virtual Room Connector (VRC) appliance, admins can upload and use their own TLS certificates, issued by a trusted certificate authority (CA), for their appliances. However, these must be manually rotated prior to expiration. However, for Meeting Connector, admins can also configure the appliance to use certificates and domains managed and updated by Zoom automatically through Zoom's Auto PKI feature.
This article covers:
Prerequisites for configuring on-prem certificates and domains
- A running Meeting Connector or Virtual Room Connector
- Admin access to the server web interface
- Meeting Connector, version 4.8.20220526.113
- Virtual Room Connector, version 4.4.7505.20220310
How to manage a Zone Controller's certificates
Configuring a Zone controller to use a Zoom-managed certificate
Note: These TLS certificates are issued by trusted certificate authorities and utilize WebPKI for validation.
- In your web browser, navigate to the appliance's web console: https://IPaddress:5480
- Sign in with admin credentials.
- In the navigation menu, click Configure.
- Enable Use domains and certificates managed by Zoom.
- Click Apply Domain & Certificate.
- Enter the IPv4 addresses for ZC External and MMR External.
Note: The MMR External address needs to be entered in both the (8801 and 443 port fields). - (Optional) enable Hide vanity from the domain.
- Click Apply domain & Certificate.
- Click OK.
A success message will be displayed once the domain and certificate have been applied. - Click OK.
- At the bottom of the page, click Submit to apply the changes and restart the meeting services.
Configuring a Zone Controller to use an organization’s managed certificates
Before installing the certificate, your organization must obtain a certificate from a WebPKI-compliant certificate authority.
- In your web browser, navigate to the appliance's web console: https://IPaddress:5480
- Sign in with admin credentials.
- In the navigation menu, click Configure.
- Enable Use myself domains and upload certificates.
- Enter the domains for the ZC Internal Domain and MMR Internal Domain.
- Enter the IPv4 addresses for ZC External and MMR External.
Note: The MMR External address needs to be entered in both the (8801 and 443 port fields). - Click Upload Certificate.
- Select and upload the certificate and key files.
- At the bottom of the page, click Submit to apply the changes and restart the meeting services.
How to manage an MMR's certificates
Configuring an MMR to use a Zoom-manged certificate
Note: These TLS certificates are issued by trusted certificate authorities and utilize WebPKI for validation.
- In your web browser, navigate to the appliance's web console: https://IPaddress:5480
- Sign in with admin credentials.
- In the navigation menu, click Configure.
- Enable Use domains and certificates managed by Zoom.
- Click Apply Domain & Certificate.
- Enter the IPv4 addresses for MMR Internal Domain and MMR External IPv4 Address/Domain.
Note: The MMR External IPv4 Address/Domain address needs to be entered in both the (8801 and 443 port fields). - (Optional) enable Hide vanity from the domain.
- Click Apply domain & Certificate.
- Click OK.
A success message will be displayed once the domain and certificate have been applied. - Click OK.
- At the bottom of the page, click Submit to apply the changes and restart the meeting services.
Configuring an MMR to use an organization's managed certificates
Before installing the certificate, your organization must obtain a certificate from a WebPKI-compliant certificate authority.
- In your web browser, navigate to the appliance's web console: https://IPaddress:5480
- Sign in with admin credentials.
- In the navigation menu, click Configure.
- Enable Use myself domains and upload certificates.
- Enter the MMR Internal Domain.
- In MMR External IPv4 Address/Domain enter the address or domains for the MMR.
- Enter the IPv4 addresses for MMR Internal Domain and MMR External IPv4 Address/Domain.
Note: The MMR External IPv4 Address/Domain address needs to be entered in both the (8801 and 443 port fields). - Click Upload Certificate.
- Select and upload the certificate and key files.
- At the bottom of the page, click Submit to apply the changes and restart the meeting services.
How to manage Virtual Room Connector certificates
- In your web browser, navigate to the appliance's web console: https://IPaddress:5480
- Sign in with admin credentials.
- In the navigation menu, click Configure.
- Enable Replace Certificate.
- Select and upload the certificate and key files.
- At the bottom of the page, click Submit to apply the changes and restart the meeting services.