CUCM 12.5 doesn't send intermediates

Paul Freiberg — Mon, 24 Jun 2019 10:29:57 GMT

Hi all,

we upgraded our TestCluster to 12.5 and noticed trouble with our AXL application to it.

In wireshark we noticed an "unknown CA" statement from the AXL client. As I compared it to our productive 11.5 Cluster, the new 12.5 CUCM doesn't provide its intermediate and root certificates, while it does with 11.5.

For our TestCluster all certificates are signed by the same CA similar to the productive Cluster.

Now we don't validate the peer in our AXL application which doesn't feel good.

Do you know a new configuration where you can define if CUCM provides the certificate chain or not? Or do someone know a bug/defect? I didn't found something in the Enterprise Paramter configuration...

We experienced it with 12.5(1) and 12.5(1)SU1.

Paul

topic CUCM 12.5 doesn't send intermediates in Unified Communications Infrastructure

CUCM 12.5 doesn't send intermediates