Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1320
Views
0
Helpful
2
Replies

Cisco UCM and CCX required certificates

Go to solution
adnanhassan1
Level 1
Level 1

‎10-05-2017 03:59 AM - edited ‎03-19-2019 12:50 PM

Hi Guys, 

I am about to upgrade our Cisco Call Manager and UCCX from version 9.0 to 11.5. 

Can someone please guide me which certificates I will need and what information I need to provide our CA authority to generate certificate for me?

As far as I am aware only tomcat certificate is required, but please correct me if I am wrong or missing anything?

 

Hope to hear from you soon.

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Chris Deren
Hall of Fame
Hall of Fame

‎10-05-2017 08:49 AM

Are you changing hostnames of your servers or doing in place upgrade? If you are doing in place upgrade then the certs will not re-generate and will remain as they are.

If you do require new certs then on CCX you only need Tomcat which will be used by web access and Finesse agent login.

On CUCM most common cert required is Tomcat, but depending on your deployment you may need other signed certs i.e. Callmanager cert if you are doing trusted connection to voice gateways, etc. You can check which certs are self-signed vs. CA signed today by logging into the OS admin page and reviewing the certs under security section.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Chris Deren
Hall of Fame
Hall of Fame

‎10-05-2017 08:49 AM

Are you changing hostnames of your servers or doing in place upgrade? If you are doing in place upgrade then the certs will not re-generate and will remain as they are.

If you do require new certs then on CCX you only need Tomcat which will be used by web access and Finesse agent login.

On CUCM most common cert required is Tomcat, but depending on your deployment you may need other signed certs i.e. Callmanager cert if you are doing trusted connection to voice gateways, etc. You can check which certs are self-signed vs. CA signed today by logging into the OS admin page and reviewing the certs under security section.

0 Helpful

Go to solution
robertov
Level 1
Level 1
In response to Chris Deren

‎06-04-2018 06:49 AM

I have recently taken charge of our voip environment. I notice in CCX cert monitor we have over 96 certificates in the list. This weekend i replaced the CCX tomact and tomcat-trust cert using an internal CA no issues in doing this finesse works fine the call center is open today and no one has reported any issues and the old certs deleted or were removed since i use Multi San. I know that there is a ipsec and ipsec-trust cert but I am confused as to what the other 90+ certs are? All show to be tomcat-trust certs issued by many different external authorities like eqifax and verisign etc.... I am wondering if our previous vendor just uploaded everything he had is in arsenal at the moment of deployment. So my question what is actually needed in CCX for it to work. I assume the four i mentioned but want to make sure before i start deleting. What does a normal environment have in number of certs? CM is also the same has about 56+ certs installed.

thanks,
0 Helpful
Customers Also Viewed These Support Documents