08-05-2014 05:14 PM - edited 03-16-2019 11:38 PM
When I click on Callamanger and select Generate CRS, there is a field in the popup called Domain name which shows the companyname.com.
In 10.5, I was told that this is required. Anyone cares to explain in more details?
Also, I noticed that there is callmanager and there is also tomcat from Certificate Management. I select callmanager and use that to generate CSR and I submit it to a 3rd party CA. If I repeat the same process but this time selecting tomcat, the 3rd party CA will complain of a duplicate. Ideas? or callmanager alone is good?
My goal is to encrypt calls
Solved! Go to Solution.
08-05-2014 08:29 PM
Tomcat is for Webservice communication. That includes AXL calls and admin webpages.
CallManager is for phone registration, however there is a bug in CallManager Multiserver certificate which causes phones to reset randomly. Is there a reason why you need to have the CallManager server signed by a 3rd party CA? You could use an internal CA or USB tokens to sign it.
08-07-2014 09:46 AM
Correct, you will have to upload the root and intermediate certificate that you receive from Verisign to callmanager-trust first else it will give you an error.
Also, there is a bug in 10.5 that causes phones to reboot if you sign the Callmanager cert. CSCup28852
08-07-2014 10:27 AM
1) The process that I mentioned above is for extracting the root/intermediate certs that you need.
2) What format is the certificate in? ie. what extension does the file have?
08-07-2014 10:55 AM
Can you send me the cert somehow? Fileshare or PM me via the community?
08-05-2014 08:29 PM
Tomcat is for Webservice communication. That includes AXL calls and admin webpages.
CallManager is for phone registration, however there is a bug in CallManager Multiserver certificate which causes phones to reset randomly. Is there a reason why you need to have the CallManager server signed by a 3rd party CA? You could use an internal CA or USB tokens to sign it.
08-06-2014 12:39 PM
Its a requirement by the company.
So, if I download the CSR for callmanager and submit it to verisign, I will need to upload it and when i upload it, do I select callmanager again or callmanager-trust.
Can I use that same cert to upload it for tomcat-trust or do I use tomcat?
Thanks
08-06-2014 03:18 PM
If you select a CSR for tomcat or CallManager, then the signed certificate will be uploaded to the same location. The signed certificate will have a root and potentially intermediate certs. These certs will be uploaded to the appropriate xxx-trust locations.
08-07-2014 08:39 AM
So, just to confirm, when I downloaded the CSR, I choose callmanager, send it to Verisign, then upload the file I received also by selecting callmanager and thats it? thanks
by the way, when I dowloaded the CSR, its a multi-server csr
08-07-2014 09:46 AM
Correct, you will have to upload the root and intermediate certificate that you receive from Verisign to callmanager-trust first else it will give you an error.
Also, there is a bug in 10.5 that causes phones to reboot if you sign the Callmanager cert. CSCup28852
08-07-2014 09:48 AM
Thanks George. I will take a look at this bug.
I only received one file from Verisign though, so what do I do with the intermediate file you mentioned? thanks
08-07-2014 09:50 AM
When I uploaded the cert I got from verisign, I selected "calmanager" and when I click ok, it gave me an error about something not found in store. When i change the selection to "callmanager-trust", the cert uploaded ok.
Did I do something wrong?
08-07-2014 10:01 AM
Thats what I mentioned earlier, you will have to upload the root and intermediate certificate first to callmanager-trust before you upload the signed certificate.
To get root/intermediate cert. open the certificate, navigate to the certification path and you will see a hierarchy similar to the attachment. Click on the top most certificate and click View certificate. In the new pop-up, navigate to details and click on COpy to file. Click next on the wizard that opens, on the 2nd page select the base-64 encoded option and go through the wizard. In the 3rd window, you will be able to select an option to save the certificate and this will be your root certificate. Repeat this process for the intermediate certificate, ie the 2nd cert in the hierarchy. Once you have both the files, upload the root certificate to the callmanager-trust first and then upload the intermediate certificate. Once thats done, upload the signed certificate to the callmanager location.
At this point, your phones should start rebooting due to the bug i mentioned above. LOL.
08-07-2014 10:20 AM
lol....so this is where my head spin.
1) what exactly do you mean by "upload the root and intermediate cert to call-manager-trust" before I upload my signed cert. I only have one file that came from verisign. The only other file I have is the call-manager csr I downloaded
2) you said navigate to the certification path..where? in the PC I am using to browse to the CUCM?
I want my phones to start randomly rebooting... so please help me :)
08-07-2014 10:27 AM
1) The process that I mentioned above is for extracting the root/intermediate certs that you need.
2) What format is the certificate in? ie. what extension does the file have?
08-07-2014 10:28 AM
The signed cert from verisign is .CER
The callmanager file I downloaded that I sent to Verisign is CSR
08-07-2014 10:25 AM
08-07-2014 10:27 AM
This is callmanager self signed certificate, I was referring to the cert that Verisign sent you.
08-07-2014 10:35 AM
The file Verisgn sent me is a .CER file
I uploaded it earlier to the CUCM and selected callmanager-trust then rebooted the server then enabled mixed mode
What am I missing? tnx
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide