Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1749
Views
5
Helpful
2
Replies

Upload 3rd party Tomcat .pem in CuCM

Go to solution
agup
Level 1
Level 1

‎09-25-2017 06:02 PM - edited ‎03-17-2019 11:14 AM

We are running CuCM version 9.1(2). Currently we have Verisign signed Tomcat cert running on CuCM. It is time for renewal and we submitted to Verisign the .csr for renewal.

 

Verisign says they can't provide .cer as we were expecting, instead they are going to provide us .pem certificate.

 

Questions:

1. Can I upload .pem to CuCM as it is or do I need to convert .pem cert in .cer prior to upload?

2. If I can upload .pem as it is received, is it same steps as .cer upload or different?

3. How do I verify if .pem has all the right info like server name, SAN etc

4. If I need to convert .pem to .cer prior to uploading .cer, how do I do it?

 

Please let me know if more info required.

 

Thanks in Advance for all answers.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎09-25-2017 08:16 PM

you can upload pem files straight into cucms as per:

 

Cisco Unified Communications Manager Release 8.6 supports Privacy Enhanced Mail (PEM) Base64 encoded format of X.509 certificate (only one PEM certificate in a file), Distinguished Encoding Rules (DER) format of X509 Certificate and DER format of PKCS#7 (Public-Key Cryptography Standards) Certificate Chain. The system does not support PEM format of PKCS#7 Certificate Chain.

 

(this is taken of a 10.5 cucm)

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

2 Replies 2

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎09-25-2017 08:16 PM

you can upload pem files straight into cucms as per:

 

Cisco Unified Communications Manager Release 8.6 supports Privacy Enhanced Mail (PEM) Base64 encoded format of X.509 certificate (only one PEM certificate in a file), Distinguished Encoding Rules (DER) format of X509 Certificate and DER format of PKCS#7 (Public-Key Cryptography Standards) Certificate Chain. The system does not support PEM format of PKCS#7 Certificate Chain.

 

(this is taken of a 10.5 cucm)

Please remember to rate useful posts, by clicking on the stars below.

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎09-26-2017 07:14 AM

There is only one procedure to upload certificates, no matter the extension.

The last two questions, you just need to google, and you will find sites that show you the decoded contents of the pem file, and the procedure to change certificates from X to Y format.

HTH

java

if this helps, please rate
0 Helpful
Customers Also Viewed These Support Documents