Solved: Hello Götz,I cannot recreate

goetz.reinicke · ‎10-27-2014

Hi,

we wanted to install our official SSL certificates for the Callmanager, presence and Unity Connection.

I had to regenerate the web-security from the console following the instructions.

All values are in the correct order:

orgunit orgname locality state

"IT OfficeNet" "Filmakademie Baden-Wuerttemberg GmbH" Ludwigsburg Baden-Weuerttemberg

But in the certificate for tomcat cisco changes values! What the heck?!

OU=set,O=web-security,L=IT OfficeNet

but it should be from my understanding:

OU=IT OfficeNet,O=Filmakademie Baden-Wuerttemberg GmbH,L=Ludwigsburg

Any idea, what's going wrong? Why is call manager etc messing things like this up?

The point is, we do need the name in the format O=Filmakademie Baden-Wuerttemberg GmbH,C=DE for our DFN PKI PCA. And no we don't do it the microsoft way!

Thnaks for any hint and regards . Götz Reinicke

Mateusz Pagacz · ‎10-27-2014

Hello Götz,

I cannot recreate that issue. Did you use the below command to change the Tomcat certificate?

admin:set web-security "IT OfficeNet" "Filmakademie Baden-Wuerttemberg GmbH" Ludwigsburg Baden-Weuerttemberg

WARNING: This operation creates self-signed certificate for web access (tomcat) with the updated organizational information. However, certificates for other components (ipsec, CallManager, CAPF, etc.) still contain the original information. You may need to re-generate these self-signed certificates to update them.

Regenerating web security certificates please wait ...

WARNING: This operation will overwrite any CA signed certificate previously imported for tomcat
Proceed with regeneration (yes|no)? yes

Successfully Regenerated Certificate for tomcat.
You must restart services related to tomcat for the regenerated certificates to become active.

admin:show web-security
[
Version: V3
Serial Number: 133081466728708197270872537923747420964
SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
Issuer Name: L=Ludwigsburg, ST=Baden-Weuerttemberg, CN=cucm-c.mpagacz.local, OU=IT OfficeNet, O=Filmakademie Baden-Wuerttemberg GmbH, C=PL
Validity From: Mon Oct 27 20:05:41 CET 2014
To: Sat Oct 26 21:05:40 CEST 2019
Subject Name: L=Ludwigsburg, ST=Baden-Weuerttemberg, CN=cucm-c.mpagacz.local, OU=IT OfficeNet, O=Filmakademie Baden-Wuerttemberg GmbH, C=PL

-Mateusz

View solution in original post

Mateusz Pagacz · ‎10-27-2014

Hello Götz,

I cannot recreate that issue. Did you use the below command to change the Tomcat certificate?

admin:set web-security "IT OfficeNet" "Filmakademie Baden-Wuerttemberg GmbH" Ludwigsburg Baden-Weuerttemberg

WARNING: This operation creates self-signed certificate for web access (tomcat) with the updated organizational information. However, certificates for other components (ipsec, CallManager, CAPF, etc.) still contain the original information. You may need to re-generate these self-signed certificates to update them.

Regenerating web security certificates please wait ...

WARNING: This operation will overwrite any CA signed certificate previously imported for tomcat
Proceed with regeneration (yes|no)? yes

Successfully Regenerated Certificate for tomcat.
You must restart services related to tomcat for the regenerated certificates to become active.

admin:show web-security
[
Version: V3
Serial Number: 133081466728708197270872537923747420964
SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
Issuer Name: L=Ludwigsburg, ST=Baden-Weuerttemberg, CN=cucm-c.mpagacz.local, OU=IT OfficeNet, O=Filmakademie Baden-Wuerttemberg GmbH, C=PL
Validity From: Mon Oct 27 20:05:41 CET 2014
To: Sat Oct 26 21:05:40 CEST 2019
Subject Name: L=Ludwigsburg, ST=Baden-Weuerttemberg, CN=cucm-c.mpagacz.local, OU=IT OfficeNet, O=Filmakademie Baden-Wuerttemberg GmbH, C=PL

-Mateusz

Problems generating right CSR for Callmanager 10 - cisco messes up values, Bug?