01-10-2012 02:05 PM - edited 03-16-2019 08:55 AM
I amnot very familiar with certificates. We have been using a one-time certificate so that anytime the user clicks the "User Preferences" link, they have to accept the cert. each time. We want a permanent certificate. My network guy generated a certificate in Unified OS Administration and uploaded it to our certificate server. How to we get this webpage to point to the new certificate? (link example https://xxx.xxx.xxx.xxx/ccmuser/showHome.do) Is this in CM or does is it just IE specific? Registry? I have searched the Cisco help docs and they all say how to generate and upload the new cert but don't say how to make the primary/effective cert.
01-10-2012 11:51 PM
Hi
Getting a cert uploaded is a three-step process.
1) Go to OS admin, and generate a CSR (Certificate Signing Request) for the tomcat service.
2) Take the CSR to your cert server/provider, and get a cert issued. If it's a cert provider that isn't well known, or is an internal server to your organisation, then you will probably need the root cert and any intermediate certificates.
3) Upload the root cert to the OS Admin page where you got the CSR from. Also upload intermediate and root certs.
Restart the server (or just the tomcat server 'utill service restart cisco tomcat' from the server CLI) for it to take effect.
It's all detailed in the OS Administration guide for your version of CUCM.
There's a few other things you should know about SSL in general:
So make sure you are using the server's hostname when connecting after loading the cert and restarting.
Aaron
Regards
Principal Engineer at Logicalis UK
Please rate helpful posts...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide