01-24-2017 08:46 AM - edited 03-17-2019 09:17 AM
All,
I am in the process of configuring certificate-based ILS authentication, which requires the Root CA and Tomcat certificates to be uploaded to the CUCM cluster and exchanged between clusters. I would like to know: after uploading the signed Tomcat certificate, do the phones require new CTL files?
Do I require a phone reset to upload new CTL files?
Can you please let me know of any impact on service after uploading the CA-signed certificate?
Thanks,
01-24-2017 09:02 AM
Are you running mixed mode with security enabled?
01-26-2017 02:52 PM
I do not have any security enabled in the cluster.
01-27-2017 02:00 PM
This shouldn't have any impact on the phones, and no, you don't need to upload CTL files. Just be aware that Tomcat certs are used by phones for accessing directories and EM. So you need to ensure that the certs are re-signed once they expire.
01-27-2017 05:58 AM
Phones do not use Tomcat certs for anything, so uploading Tomcat certs only requires a reset of the Cisco Tomcat service and does not do anything to phones.
On a side note, there was a Cisco bug dealing with certificate-based ILS. I don't have it handy, but it was pretty nasty, and I've avoided using cert-based ILS authentication and have simply been using password-based.
01-27-2017 02:15 PM
Hi, CTL files are used for something totally different, so they do not have any impact on Tomcat. But be aware that Tomcat certs are used for things like extension mobility and during directory searches on CUCM UDS directories. So if the Tomcat cert expires, these services will be impacted.