I have a question regarding signing certificates by a third-party CA, for the Remote Expert Mobile system servers.
I have multi-node topology with: 1-ReverseProxy Server, 1-RE Application Server, 2-RE MediaBroker Servers.
On which server I have to sign certificate by a third-party CA, on ReverseProxy Server or RE Application Server,
that web page for consumer at the following URL:
https://<Cluster IP or FQDN>:8443/assistsample/?agent=sip:5100@X.X.X.X
will be trusted for consumer.
What are the requirements for this certificate?
As the reverse proxy is handling the requests from the consumer it is the server that will need to be trusted. The certificate requirements will depend on the RP being used and are not part of the REM documentation.
If you optionally decide to secure the RP -> REAS traffic you can need to ensure the RP trusts REAS. If you do need certificates for this it will be the REAS load balancers HTTPS certs.