Solved: Re: CSR Certificate renewal in call manager and presence nodes

B@l@ji · ‎05-03-2021

I have question regarding the trust certificates. We have 5 nodes in our cluster, 3 cucm and 2 presence nodes.

All the tomcat certificates are internal CA signed. Tomcat cert is expiring in one of the presence nodes, we will submit a CSR and get CA signed.

After getting the new certificate, do we need to upload the same certificate as "tomcat-trust" on other nodes?

Root and intermediate certificates are already present in all the nodes.

Can someone please explain how trust certificates work for CA signed certs?

Roger Kallberg · ‎05-03-2021

Look at this document for details on how to manage certificates in UC systems. Cisco UC Certificates Renewal Guide

View solution in original post

Nithin Eluvathingal · ‎05-03-2021

if you are signing a tomcat cert you upload the signed certificate as tomcat certificate.

Root/intermediate certificate from the CA will be uploaded as the tomcat trust.

If you have the CA/intermediate in tomcat trust you don’t need to upload the CA again.

B@l@ji · ‎05-04-2021

and all other nodes should have the CA/intermediate certs in their tomcat-trust?

Roger Kallberg · ‎05-04-2021

You would upload these certificates on the Pub and it will distribute it to the other nodes in the cluster.

Roger Kallberg · ‎05-03-2021

Look at this document for details on how to manage certificates in UC systems. Cisco UC Certificates Renewal Guide