Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
6
Replies

CUCM 12.X Connect to CSSM On-prem via IP address

rchaseling
Level 4
Level 4

‎01-15-2021 08:40 AM

Hi,

 

In a hosted environmet with multiple siloed UC 12 deployments - all using customers own DNS. We have a CSSM enterprise deployed with all the customers Smart Accounts on it

 

We have TCP 443 open from all CUCM nodes to the CSSM but when we put in URL below with IP address it fails below

 

https://X.X.X.X:443/Transportgateway/services/DeviceRequestHandler

Cannot send out SL Message.hostname in certificate didn't match: <X.X.X.X> != <csm.uc.hosted>

 

So it seems that the URL needs to be FQDN but this means we'll have to go to every single customer and add a "uc.hosted" subdomain to their DNS to resolve this which we really don't want to haev to do

 

Is there any way to disable TLS verification on Cisco UC or has anyone got this working with IP rather than FQDN ?

 

Thanks

 

 

 

Labels:
0 Helpful
6 Replies 6

Roger Kallberg
VIP
VIP

‎01-15-2021 09:26 AM

Have you tried with HTTP instead of HTTPS with the IP address?



Response Signature


0 Helpful

rchaseling
Level 4
Level 4
In response to Roger Kallberg

‎01-15-2021 09:56 AM

Don't have HTTP open on firewall to test and don't think it will be allowed as IP Sec has a TLS only policy. Will CSM support HTTP?

 

Was hoping there was ssome sort of TLS Verify disable option or similar. I've even gone down the route of seeing if static DNS Host records are possible in CUCM 112 but sadly this still doesn't seem to be possible

 

 

0 Helpful

Roger Kallberg
VIP
VIP
In response to rchaseling

‎01-15-2021 10:42 AM

Yes on-prem SSM supports HTTP.



Response Signature


0 Helpful

Nithin Eluvathingal
VIP
VIP

‎01-15-2021 10:03 AM

asper the Guide its using  IP.

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/212883-cucm-smart-licensing-mediated-model.html

 

Navigate to CUCM admin page > System > Licensing > License Management > View/Edit the Licensing Smart Call Home settings and then set the SSM satellite URL to ‘ https://10.106.81.131:443/Transportgateway/services/DeviceRequestHandler’(10.106.81.131 is the IP address of the satellite configured) and save, as shown in the image. 

 

SL Message.hostname in certificate didn't match: <X.X.X.X> != <csm.uc.hosted>

Looks like something wrong with the certificate which you are using. Can you  add ip on Certificate  SAN filed.

 

 



Response Signature


0 Helpful

rchaseling
Level 4
Level 4
In response to Nithin Eluvathingal

‎01-15-2021 11:33 AM

Interesting. The certificate is the same self signed one it generated at install. We don't have a CA to signed this. 

Might try changing the cssm host name to the ip and try regenerate the cert....

 

If that doesn't work might have to sweeten ip Info Sec

 

 

0 Helpful

Vinod.s
Level 3
Level 3

‎01-16-2021 09:33 AM

Hi ..

 

Yes we did and we are using HTTP instead of https.

0 Helpful
Customers Also Viewed These Support Documents