Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3358
Views
0
Helpful
23
Replies

CUCM 10.5 and CSR (security cert)

Go to solution
vipersl65
Level 4
Level 4

‎08-05-2014 05:14 PM - edited ‎03-16-2019 11:38 PM

When I click on Callamanger and select Generate CRS, there is a field in the popup called Domain name which shows the companyname.com.

In 10.5, I was told that this is required.  Anyone cares to explain in more details?

 

Also, I noticed that there is callmanager and there is also tomcat from Certificate Management.  I select callmanager and use that to generate CSR and I submit it to a 3rd party CA. If I repeat the same process but this time selecting tomcat, the 3rd party CA will complain of a duplicate.  Ideas?  or callmanager alone is good?

 

My goal is to encrypt calls

Labels:
0 Helpful
23 Replies 23

Go to solution
George Thomas
Level 10
Level 10
In response to vipersl65

‎08-07-2014 10:41 AM

DId you follow the guide below?

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/10_0_1/secugd/CUCM_BK_C68276B4_00_cucm-security-guide-100/CUCM_BK_C68276B4_00_cucm-security-guide-100_chapter_0100.html

 

Please rate useful posts.
0 Helpful

Go to solution
vipersl65
Level 4
Level 4
In response to George Thomas

‎08-07-2014 11:19 AM

George,

 

Which parts as I am not using client token as this is 10.5?

0 Helpful

Go to solution
George Thomas
Level 10
Level 10
In response to vipersl65

‎08-07-2014 11:20 AM

In your case, the CLI part. However i would read this guide fully to understand mixed mode cluster security.

Please rate useful posts.
0 Helpful

Go to solution
vipersl65
Level 4
Level 4
In response to George Thomas

‎08-07-2014 11:25 AM

Here's the highlevel overview of what I did

1) CUCM is in non-scure mode

2) Download callmanager CSR and sent to Verisign

3)Received callmanager.CER from verisign

4)Uploaded it by selecting callmanager-trust.   If I select callmanager, I get an error about store

5)rebooted the server

6)enabled mixed mode via CLI

7)Rebooted the server

 

This is the time I tried to go to the IE certifcation path and didnt get that same tree you have

0 Helpful

Go to solution
vipersl65
Level 4
Level 4
In response to George Thomas

‎08-07-2014 10:52 AM

Do I need to download this root and intermediate cert from the OS admin of CUCM or that is from the pic you sent wherein I do it in the IE browser connected to my CUCM?

0 Helpful

Go to solution
George Thomas
Level 10
Level 10
In response to vipersl65

‎08-07-2014 10:55 AM

Can you send me the cert somehow? Fileshare or PM me via the community?

Please rate useful posts.
0 Helpful

Go to solution
vipersl65
Level 4
Level 4
In response to George Thomas

‎08-07-2014 12:04 PM

How do I PM you?  Been trying to do that

0 Helpful

Go to solution
islam.kamal
Level 10
Level 10
In response to vipersl65

‎08-06-2014 09:51 PM

Hello

you have to generate intermediate certificate from Root certificate. After this you have to upload  CA to tomcat-trust , the upload the certificate .cer to trust tomcat after you uploaded it CUCM changes the name of the file to <SUBJECT CN>.pem. . Kindly check the below links:-

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-60/112108-sslcert-cucm-00.html

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

https://supportforums.cisco.com/document/91906/high-level-view-certificates-cucm

 

Thanks

please rate all useful information

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents