cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1130
Views
5
Helpful
3
Replies

Secondary tomcat certificate not updating

PatWruk
Level 1
Level 1

We have 2 UCCX servers that the tomcat certs will expire in a month and are working on replacing them. We uploaded the cert to the primary server then rebooted the Cisco Tomcat and Cisco Finesse Tomcat services, the secondary server was still using the old cert. We rebooted the primary server, waited for it to come back up then rebooted the secondary. The secondary still has the old cert. When we replaced the certs on all of the other servers (CUCM, UCXN, CIMP) it properly propagated from the primary to the secondary and have no idea why it isn't working on UCCX. We are using a Multi-server(SAN) cert from GoDaddy so it should cover both

Any ideas how to fix this?

1 Accepted Solution

Accepted Solutions

It depends on the version of CCX, but you have to generate the CSR as a multi-server SAN where the request is created in OS Administration. If you didn't do that, you will have to generate a new multi-server CSR and get the certificate re-issued.

View solution in original post

3 Replies 3

It depends on the version of CCX, but you have to generate the CSR as a multi-server SAN where the request is created in OS Administration. If you didn't do that, you will have to generate a new multi-server CSR and get the certificate re-issued.

That looks like it should be it, it looks like our CSR was done wrong. Thanks for the help!

deepshikha2112
Level 1
Level 1

Just make sure that while generating CSR for UCCX/Tomcat - under Multi-SAN, SANs (Subject Alternate Names) should have both - UCCX FQDNs - primary and secondary - included.

I hope this helps!!!