CUCM SAN Certificate

oosters-mario
Level 1

Hi,

I am in the process of creating a new Multi-Server (SAN) certificate for our Collaboration Cluster.

This automatically includes my Publisher, 2 Subscribers as well as my 2 Presence Nodes.

My question is: as I need to renew my 2 * Unity Connection and 2 * UCCX as well, could I add their FQDNs (using other domains) to this CSR and create one certificate that would contain all of them, for tomcat and tomcat-trust of course? Is this a good or bad idea?

I suppose I would need to upload the same certificate once for the Unity Connection Cluster as well as for the UCCX cluster.

If this is ok, this would seriously reduce the number/complexity of certificates needed.

Also, my Internal Signing CA is a Sub CA. Of course I need to add it everywhere in tomcat-trust. But what about its root? Do I need to add this one as well to tomcat-trust? It seems logical to me, but the previous consultant didn't do it, and all is still working.

1 Reply 1

oosters-mario
Level 1

Never mind, I found the response already in the community forum.

https://community.cisco.com/t5/unified-communications/question-about-cisco-uc-multi-server-certificates/td-p/4021239

In short, it is not possible, as you must create a new CSR for each Application Type (CUCM/UCCX/Unity), because you cannot upload an entire certificate (public + private key) to the tomcat certificate store, for example.
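
The key-pair constraint described in the reply above, as an added example that is not part of the original thread: a signed certificate carries the public key of the one CSR it was issued for, so listing another cluster's hosts in the SAN field does not make it match that cluster's own CSR. All hostnames, file names and the throwaway CA are constructed for illustration, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: hostnames, file names and the test CA are made up.

# Print the public key embedded in a CSR or a certificate (PEM input).
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Succeeds only if the certificate was issued for this CSR's key pair,
# i.e. the system that generated the CSR holds the matching private key.
cert_matches_csr() {
    [ "$(cert_pubkey "$1")" = "$(csr_pubkey "$2")" ]
}

# Build two CSRs the way two separate clusters would: each one
# generates its own private key locally and keeps it there.
build_demo() {
    dir=$1
    for app in cucm cuc; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$app.key"
        openssl req -new -key "$dir/$app.key" \
            -subj "/CN=$app-ms.example.com" -out "$dir/$app.csr"
    done
    # Throwaway CA standing in for the internal signing CA.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
    openssl req -x509 -new -key "$dir/ca.key" -days 1 \
        -subj "/CN=Constructed Test CA" -out "$dir/ca.crt"
    # SAN list naming hosts from both clusters, as the question proposes.
    printf 'subjectAltName=DNS:cucm-pub.example.com,DNS:cuc1.example.org\n' \
        > "$dir/san.ext"
    # The CA signs the CSR from the first cluster only.
    openssl x509 -req -in "$dir/cucm.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/san.ext" -out "$dir/multi.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for app in cucm cuc; do
    if cert_matches_csr "$demo_dir/multi.crt" "$demo_dir/$app.csr"; then
        echo "$app: certificate matches this cluster's CSR key"
    else
        echo "$app: key mismatch, not issued for this cluster's CSR"
    fi
done
rm -rf "$demo_dir"
```

The same comparison can be run against a real CSR and the certificate returned by the CA before attempting an upload.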