Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1054
Views
0
Helpful
5
Replies

UCCX Upgrade to 11.5(1)SU1 and Tomcat ECDSA

LibinBenedict
Level 1
Level 1

‎03-13-2018 12:10 PM - edited ‎03-14-2019 06:02 PM

Hi,

 

We are planning to upgrade our UCCX from 10.6(1)SU2 to 11.5(1)SU1. I have read in the documentation that starting 11.5, tomcat service is preconfigured with RSA and ECDSA certificates. We are using internal CA-signed certificates. 

 

There is bug reported for the version 11.5(1) CSCvb46250 and we can apply a cop if we do not want to present the ECDSA certificate to the agents. And this bug is fixed for the version 11.5(1)SU1. Does it mean that I do not need to sign the tomcat-ECDSA and the agents will not be prompted to accept the ECDSA certificate? Is there any problem if we do not want to sign the tomcat-ECDSA?

 

Regards,

Libin Benedict

Labels:
0 Helpful
5 Replies 5

Anthony Holloway
Cisco Employee
Cisco Employee

‎03-13-2018 12:59 PM

What I have done, is just sign the Tomcat RSA one first, then apply the COP to stop UCCX from handing out the ECDSA cert all together. If I'm not mistaken, this effectively disables the ECDSA cert, and uses 100% RSA based certs. Kind of like a "give me the old way back."
0 Helpful

LibinBenedict
Level 1
Level 1
In response to Anthony Holloway

‎03-13-2018 01:28 PM

Hi Anthony,

 

Thanks for the response.

But the COP is applicable for 11.5(1) and not for the SU1. I would like to know how I can skip the signing of tomcat-ECDSA.

The current tomcat certificates in 10.6 version are signed and I hope they will be carried forward during the upgrade.

 

Regards,

Libin Benedict

Libin Benedict

0 Helpful

Flo.Matalis
Level 1
Level 1
In response to Anthony Holloway

‎09-13-2023 05:21 PM

Hi, I tried to find documentation for UCCX 12.5, but cannot seem to find any.

Is this still applicable to fresh installed UCCX 12.5? Do we still have to apply COP or the RSA certificate is enough?

Thanks!

0 Helpful

BradMarkel93582
Level 1
Level 1
In response to Flo.Matalis

‎10-23-2023 04:00 PM

UCCX 12.5 does not use ECDSA certificates, so says this configuration guide.  Systems I work with have a self-signed ECDSA cert and a CA signed RSA cert.

 

Check out:

Configure UCCX Solution Certificate Management

https://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/118855-configure-uccx-00.html

"Starting from 11.6, use of ECDSA certificates has been removed from the UCCX solution completely. This includes UCCX, SM/CCP, CUIC and Finesse."

0 Helpful

ntteducollab
Level 1
Level 1
In response to BradMarkel93582

‎10-24-2023 01:45 PM

It really seems that UCCX 12.5 doesn't use ECDSA certificates, but I have seen cases where, even if CCX doesn't use an ECDS, you need to regenerate it after an upgrade (self-signed  ECDS cert is sufficient). eg:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd96014

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents