Solved: Re: Secondary tomcat certificate not updating

PatWruk · ‎08-25-2021

We have 2 UCCX servers that the tomcat certs will expire in a month and are working on replacing them. We uploaded the cert to the primary server then rebooted the Cisco Tomcat and Cisco Finesse Tomcat services, the secondary server was still using the old cert. We rebooted the primary server, waited for it to come back up then rebooted the secondary. The secondary still has the old cert. When we replaced the certs on all of the other servers (CUCM, UCXN, CIMP) it properly propagated from the primary to the secondary and have no idea why it isn't working on UCCX. We are using a Multi-server(SAN) cert from GoDaddy so it should cover both

Any ideas how to fix this?

Elliot Dierksen · ‎08-25-2021

It depends on the version of CCX, but you have to generate the CSR as a multi-server SAN where the request is created in OS Administration. If you didn't do that, you will have to generate a new multi-server CSR and get the certificate re-issued.

View solution in original post

Elliot Dierksen · ‎08-25-2021

It depends on the version of CCX, but you have to generate the CSR as a multi-server SAN where the request is created in OS Administration. If you didn't do that, you will have to generate a new multi-server CSR and get the certificate re-issued.

PatWruk · ‎08-25-2021

That looks like it should be it, it looks like our CSR was done wrong. Thanks for the help!

deepshikha2112 · ‎08-25-2021

Just make sure that while generating CSR for UCCX/Tomcat - under Multi-SAN, SANs (Subject Alternate Names) should have both - UCCX FQDNs - primary and secondary - included.

I hope this helps!!!