Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1481
Views
0
Helpful
5
Replies

CUCM 8.0.3 SSL AD integration

eemge
Level 1
Level 1

‎09-21-2011 03:08 PM - last edited on ‎03-25-2019 08:09 PM by Community Manager

CUCM LDAP integration non SSL works fine.

When trying to turn on SSL the host name cannot be reached. Did the following:

1. Created and uploaded Cert to tomcat-trusts

2. Opened Cert and found CN=wwww.xxxx.yyy.com

3. Put this as server in LDAP Server settings (wwww.xxxx.yyy.com)

4. Set port to GC port of 3269 (also tried 3268)

5. Checked SSL box

When I save I get "Unknown Host or Bad IP Address wwww.xxxx.yyy.com"

I have DNS set on the server and from CLI I can ping the hostname as shown above.

Any suggestions would be appreciated.

Labels:
0 Helpful
5 Replies 5

Joseph Martini
Cisco Employee
Cisco Employee

‎09-21-2011 03:13 PM

What's configured as your domain name on CUCM?  One step that needs to be done before the certificate will be available for the SSL connection, even though you aren't quite there yet with the unknown host message, is restart Cisco Tomcat after it's uploaded.

0 Helpful

eemge
Level 1
Level 1
In response to Joseph Martini

‎09-21-2011 04:05 PM

The domain name is not set. I suppose that is required?

0 Helpful

michael-luo
Level 1
Level 1

‎09-21-2011 08:10 PM

"Created and uploaded Cert to tomcat-trusts"?

What steps you took to create the cert?

Michael

0 Helpful

eemge
Level 1
Level 1
In response to michael-luo

‎09-22-2011 07:31 AM

I asked the AD guys to create the cert and make sure CN=FQDN of GC. I could not find a procedure on exactly how to create the cert.

0 Helpful

michael-luo
Level 1
Level 1
In response to eemge

‎09-22-2011 07:42 AM

That's what I'm concerning.  Since you asked the AD guys to create the cert, obviously the cert was not created before.

If the cert does not exsit before, that means the AD guys didn't bother to enable SSL on LDAP.

If they didn't bother to do it, I was wondering if they know how to do it or have they done it already.    (create the cert and enable SSL are two different tasks).

Michael

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents