
Single Trust Certificate for CUCM 10.5.1

Hi, 

I would like to know the name of the single trust certificate, which was recently revised by Cisco, that is available for multiple servers (one publisher with 7 subscribers), instead of applying all the trusted certificates (i.e. IPsec, Tomcat certificate, etc.) in the cluster individually, so that if we regenerate and download the CSR of this single certificate on the publisher, it can be synchronized automatically with all the subscribers.

Help me to know about this in detail.

Call Manager version: 10.5.1

Cluster: publisher with seven subscribers.

 

Regards

AZ.


Ayodeji Okanlawon
VIP Alumni

The feature is called CUCM multi-SAN (Subject Alternative Name).

Please refer to this doc:

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118731-configure-san-00.html

It is very easy to use. When generating your CSR, just select multi-SAN from the drop-down menu. Same when uploading the signed cert.

 

 

Please rate all useful posts
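
An added example, not part of the thread or of Cisco's documentation: before uploading a signed multi-SAN certificate, it is worth confirming that the CA actually kept every cluster node in the SAN list. The sketch below parses the SAN section of `openssl x509 -noout -text` output and reports nodes that are not listed. The sample output and all hostnames are constructed placeholders, and only exact DNS entries are compared (wildcards are not handled).

```python
# Constructed sample: extensions section of `openssl x509 -noout -text` output
# for a hypothetical multi-SAN Tomcat certificate. Hostnames are placeholders.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:cucm-pub.example.com, DNS:cucm-sub1.example.com, DNS:imp-pub.example.com, DNS:example.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""

# Hypothetical cluster inventory: every node a client connects to.
CLUSTER_NODES = [
    "cucm-pub.example.com",
    "CUCM-SUB1.example.com",   # DNS names compare case-insensitively
    "imp-pub.example.com",
    "imp-sub1.example.com",    # deliberately absent from the sample cert
]


def normalize(name):
    """Lower-case a hostname and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")


def san_dns_names(cert_text):
    """Return the set of normalized DNS entries from the SAN extension."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            return {normalize(e[4:]) for e in entries if e.startswith("DNS:")}
    return set()  # certificate has no SAN extension at all


def missing_nodes(cert_text, nodes):
    """List cluster nodes whose FQDN is not an exact SAN entry."""
    sans = san_dns_names(cert_text)
    return [n for n in nodes if normalize(n) not in sans]


if __name__ == "__main__":
    for node in missing_nodes(SAMPLE_CERT_TEXT, CLUSTER_NODES):
        print(f"not covered by certificate: {node}")
```

To use it on a real certificate, replace `SAMPLE_CERT_TEXT` with the text output of `openssl x509 -in <cert file> -noout -text` and `CLUSTER_NODES` with the FQDNs of your own nodes.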

Thanks @Ayodeji...

Thanks a lot....

Hi,

I have the same question. I have two CUCM and two IM&P servers. When I log in to Jabber locally, it shows me a "certificate not valid" alert for every server (CUCM and IM&P servers).

TAC suggested multi-SAN, signed by my external CA (certificate authority).

My question is: what should I do? Do I need to upload the certificate directly to Expressway-C, or should I have it signed by my CA?

Will this cause any problem on the phones after that (CTL or phone registration issues)?

Thanks

You need the Tomcat cert from CUCM, IMP (if using a SAN cert it would be the same), Unity Connection, as well as the XMPP cert on IMP servers to be trusted by the client. It can be signed by an external CA (ideal, especially for mobile clients), which you'd have to purchase, or you can sign these by an internal CA if you have one, but then you would need a way to upload the root/intermediate certs from this CA to all clients, where mobile clients, i.e. iPhone, would require pushing them via an MDM-type solution.

Uploading new certs requires a service restart, i.e. Cisco Tomcat, which would break the web access to the application for a couple of minutes. There are many threads and documents on the exact procedure.

Thanks for the reply Chiris,

Will this cause any problem on the phones after that, especially phone registration, etc.?

Thanks

No, Tomcat and XMPP certs have nothing to do with phones.