Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
5
Replies

CUCM 8.6 use the certificate generated by external C.A.

Go to solution
wilsonsant
Level 6
Level 6

‎12-29-2015 10:55 AM - edited ‎03-17-2019 05:21 AM

Hi Guys,

My Customer have the CUCM 8.6 and is with follow doubt: Is possible to use certificate generated by the external C.A. ? If yes, are there any documentation explain for this?

Thanks,

Wilson

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎12-29-2015 01:36 PM

https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca

Assuming you're going to be using a public CA, the part you won't be doing, is signing them with your CA.

HTH

java

if this helps, please rate

View solution in original post

0 Helpful

Go to solution
Ryan Huff
Level 4
Level 4
In response to Jaime Valencia

‎12-29-2015 01:59 PM

Good thought Jamie!

My original reply does not account for the possibility that the OP would be using a non-public CA. Typically, in my experience, folks reference that as "internal", so when the OP referenced "external", it was a logical jump to translate that to "Public". I appreciate you adding in the missing info to this thread!

Thanks,

Ryan

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Ryan Huff
Level 4
Level 4

‎12-29-2015 11:54 AM

Hello Wilson,

If you are asking if Cisco Unified Communications Manager 8.6 can use an SSL identity certificate that is signed by a public certificate authority, the answer is yes. The certificate would be uploaded in the Certificate Management section of Communications Manager's Operating System administration.

You need to generate the CSR from Communications Manager first, then use that to upload to your CA, which then the CA will generate the certificate.

Some items to note are;

  • You have to upload the full certificate chain (root CA -> intermediary CA -> Server IDENT).
  • You will want a certificate for each node in the cluster
  • After you install/upload the certificate in the node, you need to restart the Cisco Tomcat Service via the CLI (utils service restart Cisco Tomcat)

The Support Forums Document should help:

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

Here is the Cisco Security Documentation for Unified Communications Manager 8.6 that outlines, in great detail, all the steps required:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/8_6_1/cucos/osg_861_cm/iptpch6.html

Thanks,

Ryan

(: ... Please rate helpful posts ... :)

0 Helpful

Go to solution
wilsonsant
Level 6
Level 6
In response to Ryan Huff

‎12-30-2015 03:12 AM

Hi Ryan and Jaime,

This Customer is a public agency and will use the owner C.A.

Thank You,

Wilson

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to wilsonsant

‎12-30-2015 01:23 PM

Then, ideally, all you need to worry is to generate the CSR and then upload the certs they will give you back, the rest of it, should be handled by their network admins.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎12-29-2015 01:36 PM

https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca

Assuming you're going to be using a public CA, the part you won't be doing, is signing them with your CA.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Ryan Huff
Level 4
Level 4
In response to Jaime Valencia

‎12-29-2015 01:59 PM

Good thought Jamie!

My original reply does not account for the possibility that the OP would be using a non-public CA. Typically, in my experience, folks reference that as "internal", so when the OP referenced "external", it was a logical jump to translate that to "Public". I appreciate you adding in the missing info to this thread!

Thanks,

Ryan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents