cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3614
Views
5
Helpful
7
Replies

What is the difference between a normal certificate and a trust certificate?

sanjaydev
Beginner
Beginner

Hello Friends

 

What is the difference between a normal certificate and a trust certificate?

Say tomcat or ipsec with tomcat or ipsec trust certificates.

I looked Cisco docs and could get far with it. Could someone explain more on this.

 

Regards

Sanjay

1 Accepted Solution

Accepted Solutions

Hi Sanjay,

As you have self signed certificates, CA certs are not needed and trust certificate will be there by default in CUCM.

Reg impact for ipsec cert, it impacts DRF (backup and restore). if this is expiring, you can simply regenerate and reboot the node in which it expired to complete the process. Please refer the below link for the procedure:

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/117299-problemsolution-product-00-html.html#anc8

HTH
Rajan
Pls rate all helpful posts

View solution in original post

7 Replies 7

Georgios Fotiadis
Rising star
Rising star

As tomcat you upload the certificate for the service itself, while as tomcat-trust the CA authority (along with any intermediate if any): The Difference Between tomcat and tomcat-trust

Georgios
Please rate if you find this helpful.

sanjaydev
Beginner
Beginner

So what happens if we dont upload the trust one? What will be the impact. 

You will not be able to up load the (tomcat) certificate as the CA (and intermediate) certificates will no be present in the server's trust store. You will have to upload those first.

Georgios
Please rate if you find this helpful.

Thank you for the reply. What I wanted to know is what if I won't upload any of those certs and what type of impact will be there. Say I am getting an alert for ipsec.der certificate gonna expire. What should I do here since it is a self signed certificate. Just regenerate it or request csr and go through the process?

If your requirements have not changed (i.e. if you still don't need CA signed certificates) you may as well regenerate the (tomcat/ipsec-trust) self-signed certificates.

 

Georgios
Please rate if you find this helpful.

Hi Sanjay,

As you have self signed certificates, CA certs are not needed and trust certificate will be there by default in CUCM.

Reg impact for ipsec cert, it impacts DRF (backup and restore). if this is expiring, you can simply regenerate and reboot the node in which it expired to complete the process. Please refer the below link for the procedure:

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/117299-problemsolution-product-00-html.html#anc8

HTH
Rajan
Pls rate all helpful posts

Thank You Everyone. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers