Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1263
Views
0
Helpful
3
Replies

Internet Explorer 11 and CUCM Web Interface Issue

R M
Level 1
Level 1

‎08-29-2016 06:05 AM - edited ‎03-17-2019 07:57 AM

On CUCM 7.1 SSL3 is used for Tomcat. With the discovery of vulnerabilities in SSL3, Microsoft has apparently killed it on IE11 with update KB3172605. Clients can no longer access CUCM web interfaces without a workaround lowering the Diffie Hellman key length minimum to 512.

Does CUCM 7.1 support generating a new certificate with a stronger key length? Is there any decent documentation on implementing it?

Thanks!

Labels:
0 Helpful
3 Replies 3

Mohammed Khan
Cisco Employee
Cisco Employee

‎08-29-2016 06:21 AM

Refer below link

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

0 Helpful

R M
Level 1
Level 1
In response to Mohammed Khan

‎08-29-2016 07:02 AM

Thanks for the quick reply. That link pertains to a newer version of CUCM that 7.1. It also doesn't cover changing the key length and security parameters. The current certificates aren't expired, they just use a weaker method than Internet Explorer currently supports.

Is there any way to change these parameters?

0 Helpful

Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to R M

‎08-29-2016 05:40 PM

Nope. Your only option is to upgrade, which you should anyway: 7.1 went end of sale in 2011 and end of support in 2015. This SSL issue is by far not the only security vulnerability in it.

http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-callmanager/end_of_life_notice_c51-695269.html

0 Helpful
Customers Also Viewed These Support Documents