03-18-2020 12:48 PM
Hello,
I generated CRS for a cluster of cucm with Multi-SAN and the CSR are signed by CA public, the callmanager and tomcat certificate.
Now, the customer wants to secure signaling and media, so the cluster will pass a mixed-mode.
The question is, the csr, when the cluster pass to a mixed-mode, they will change? I must sign them again?
Regards.
03-18-2020 02:31 PM
Have you reviewed the documentation on enabling mixed mode on CUCM??
03-19-2020 10:08 AM
Jaime is right, be sure to read and re-read the documentation on enabling mixed-mode in CUCM. (And do a Google search on tips and trick to help clarify.)
If you have not added or rebuilt any nodes since your existing certificates were issued, and if you are using the same Multi-SAN parameters, and if you are signing additional certificates with the same CA, then only 'additional' certificates would need to be signed and you should be able to continue to use the ones already signed.
Read the Security Guide for your version of CUCM. There is a chapter on CTL setup. Also do a search through the security guide for "mixed" to view additional caveats to changing to mixed mode (and there are plenty!).
Maren
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide