When you created unified messaging services, if you selected the option to validate certificates for Exchange servers or for Active Directory domain controllers (DCs), you must upload the public certificates from the certification authority (CA) that signed the certificates on the Exchange servers and DCs. Otherwise, Connection cannot communicate with Exchange servers or with DCs to find Exchange servers, and unified messaging functionality will not work.
Unity Connection 8.5
SSL certificates are not already installed
1. If you have selected the option to validate certificates for Exchange servers, and if SSL certificates are not already installed on all of the following servers: Get and install certificates:
–Exchange 2010 client access servers.
–Exchange 2007 client access servers, if there are Exchange 2007 mailboxes that you want Connection to be able to access.
–Exchange 2003 servers, if any, on which there are mailboxes that you want Connection to be able to access.
In addition, if you selected the option to validate certificates for Active Directory domain controllers, and if SSL certificates are not already installed on your DCs, get and install certificates.
2. If you used an external CA (for example, Verisign) to issue the SSL certificates installed on the servers listed in Task 1., and if you have the public certificates for the CA in .pem format: Save the files to a network location accessible to the Connection server. Then skip to step 6.
3. If you used Microsoft Certificate Services or Active Directory Certificate Services to issue the SSL certificates, or if you used an external CA and you do not have the public certificate for the CA in .pem format: Download and install OpenSSL or another application that can convert public certificates to .pem format. Connection cannot upload public certificates in other formats.
4.If you used Microsoft Certificate Services, Active Directory Certificate Services, or an external CA, and if you do not have public certificates in .pem format: Use the application that you downloaded instep 3 to convert the public certificate to .pem format, and save the file to a network location accessible to the Connection server.
Upload the public certificates to the Connection server
5. Upload the public certificates to the Connection server by following the below steps:-
Step 1 On the Connection server, sign in to Cisco Unified Operating System Administration.
Step 2 On the Security menu, select Certificate Management.
Step 3 Select Upload Certificate.
Step 4 In the Certificate Name list, select tomcat-trust.
Step 5 Optional: Enter a description (for example, the name of the certification authority) in the Description field.
Step 6 Select Browse.
Step 7 Browse to the location where you saved the public certificates in .pem format, and select one of the converted certificates.
Step 8 Select Upload File.
Step 9 Repeat step 3 through step 8, but select Connection-trust in the Certificate Name list.
Step 10 If you have public certificates from more than one certification authority, repeat step 3 through step 9 for the remaining certificates.
Save the Public Certificate to a File
6. If you used Microsoft Certificate Services to issue the SSL certificates. Follow the below steps:-
Step 1 Sign in to the server on which you installed Microsoft Certificate Services and issued SSL certificates for the following servers:
•Exchange 2010 client access servers.
•Exchange 2007 client access servers, if there are Exchange 2007 mailboxes that you want Connection to be able to access.
•Exchange 2003 servers, if any, on which there are mailboxes that you want Connection to be able to access.
•Active Directory domain controllers that the Connection server might access.
Step 2 On the Windows Start menu, select Programs > Administrative Tools > Certification Authority.
Step 3 In the left pane of the Certification Authority MMC, right-click the server name, and select Properties.
Step 4 In the <servername> Properties dialog box, on the General tab, select View Certificate.
Step 5 In the Certificate dialog box, select the Details tab.
Step 6 On the Details tab, select Copy to File.
Step 7 On the Welcome to the Certificate Export Wizard page, select Next.
Step 8 On the Export File Format page, select Next to accept the default value of DER Encoded Binary X.509 (.CER).
Step 9 On the File to Export page, specify the full path of the public certificate, including a location that is accessible to the Connection server, and a file name.
Step 10 Select Next.
Step 11 On the Completing the Certificate Export Wizard page, select Finish.
Step 12 Select OK three times to close a message box and two dialog boxes.
Step 13 Close the Certification Authority MMC.
Step 14 If you issued SSL certificates for all of the servers listed in step 1 by using the same installation of Microsoft Certificate Services, you are finished with this procedure. Return to the task list for this section.
If you issued SSL certificates for all of the servers listed in step 1 by using different installations of Microsoft Certificate Services, repeat step 1 through step 13 to get one public certificate for each instance of Microsoft Certificate Services. Then return to the task list for this section.
Hello, we are unable to call numbers in US because our telco is saying we are sending 11 digits to them (instead of 10). My senior staff is away so I am trying to figure this out. We are using e164 dial plan----and using mask with +1XXXXXXXXXX numbe...
I was alerted an issue the other day from a UCCX Subscriber node of the NonVoice Subsystem in partial service. When I checked the CCX Engine service and sub service, it showed fully up and had been up for several weeks since it was last rebooted. Not...
Hi Team,I am trying to fix audio issues by collecting different data metrics that can be used for analysis. Since onset of sudden transition from work from home , I am sure many customers like us will be dealing with sudden transition from office to work ...
Not sure under which category should I post this for best match so I am posting it underCisco Community Technology and Support Collaboration, Voice and Video IP Telephony and Phonesand will be posting under :Cisco Community Technology and Support Collabor...
Hi everyone, I recently have started updating our 8800 series phones (specifically 8851s) to 12.8(1) from 12.1(1) and it seems that this breaks the last line remembered. I think I need guidance, because from what I have been able to find this is the...