12-28-2020 11:50 PM - edited 12-29-2020 12:11 AM
Hi,
I have a problem uploading a GlobalSign signed certificate as tomcat certificate on my 11.5.1 CUCM.
Uploading the certificate as Callmanager-Trust certificate worked perfectly. However, when I try to upload it as tomcat certificate, I get the error 'File '/usr/local/platform/.security/tomcat/keys/tomcat.csr' does not exist'.
When selecting tomcat as certificate purpose in the certificate upload wizard, the description is automatically set as 'Self-signed certificate'. For the other certificate purposes, this is left blank.
I can also upload the certificate as a tomcat-trust certificate (it lists the new expiration date in the Certificate List), but as soon as I restart the Tomcat service, the new certificate is gone and the old one is back.
I do not think the certificate was created based on a CUCM-generated CSR (someone else my company sent me this cert so i'm unsure). Is generating a CSR first the only way to do it?
I am fairly new to certificates. Is their anyone that can shed some light on this?
Thanks in advance!
Solved! Go to Solution.
12-29-2020 04:32 AM
You can generate self signed certificate from CUCM
Or if you need to use a CA signed certificate generate a csr, get it signed by internal or external CA.
you need to generate csr each time.
12-29-2020 12:06 AM - edited 12-29-2020 12:09 AM
Looks like there is no CSR generated for tomcat service. Have you generated the CSR for tomcat ?
Upload the Root CA on Tomcat trust first and then upload the server certificate.
When selecting tomcat as certificate purpose in the certificate upload wizard, the description is automatically set as 'Self-signed certificate'. For the other certificate purposes, this is left blank. This normal.
12-29-2020 03:51 AM
Thank you for your answer.
There is an active cert for tomcat that will expire soon. Is it possible that the new certificates are generated based on this?
Does a new CSR need to be generated every time the tomcat certificate has to be renewed? Or can this be re-used?
Thanks in advance.
12-29-2020 04:32 AM
You can generate self signed certificate from CUCM
Or if you need to use a CA signed certificate generate a csr, get it signed by internal or external CA.
you need to generate csr each time.
12-29-2020 12:26 AM
You would be able to see in the list if there are any CSR for Tomcat present. If it’s not the certificate was either not created based upon a CSR for Tomcat or the CSR was created on another system. Less likely is that someone removed the CSR. Either way without a CSR you’re not going to be able to upload the CER file.
For any CA there is at least a root certificate to upload into the trust store, likely also an intermediate certificate. Have you uploaded these into the Tomcat trust store?
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide