03-17-2017 12:36 PM - edited 03-17-2019 09:50 AM
Hi,
I followed this document to configure a secure integration between CUCM and CUC.
The SIP connection was working fine with native certificates.
After I did a CSR for Callmanager certificate and installed the Root-CA and Sub-CA as Callmanager-trust and the signed Callmanager certificate back to CUCM the SIP connection between CUCM and CUC no longer is working in secure mode.
Both systems I already restarted but SIP still not working.
The CUC root certificate I also installed new as Callmanager-trust in CUCM but did not help.
Does anybody knows what to do that secure connection betweenn CUCM and CUC is working after Callmanager certificate was signed by CA?
BR
Michael
03-19-2017 10:51 PM
did you upload the Root Ca and Sub CA at both ends of the connection? ie on cucm and cuc.
also, does the cert have client server authentication under its Enhanced Key Usage (drill into the X509 cert details).?
Cheers
Please rate if useful
03-20-2017 01:28 AM
Hi Dennis,
as written Root-CA and Sub-CA was uploaded in CUCM as callmanager-trust.
When I try to install Root-CA and Sub-CA in CUC as "connection-trust" I get this error -> Certificate upload failed, unable to generate a hashname
03-19-2017 11:39 PM
1) Installing the Root-CA and Sub-CA
---> Make sure you install the Root-CA and SUB-CA in CUC as well
--> Have you also signed the CUC Certificate or still using Self-Signed One. In both cases make sure you have uploaded the Root-CA and SUB-CA in CUCM.
And Finally Please rate and mark correct as applicable.
Thanks
Haris
03-20-2017 01:27 AM
Hi Haris,
this I did:
CUCM:
1. CSR Callmanager cert
2. CSR tomcat cert
3. Installing Root-CA and Sub-CA as Callmanager-trust
4. Installing Root-CA and Sub-CA as tomcat-trust
5. Installing ca-signed callmanager cert
6. Installing ca-signed tomcat cert
CUC:
1. CSR tomcat cert
2. Installing Root-CA and Sub-CA as tomcat-trust
3. Installing ca-signed tomcat cert
How can I sign the CUC root certificate / how can I make a CSR from CUC root certificate which could be signed because the CUC root certificate can`t be found in the OS admin but only in the CUC admin web page as *.0 file.
BR
Michael
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: