Hi Paul,

paul.collins1.ctr1 · ‎01-28-2016

Why when I log into my CUCM via web gui do I get the certificate error warning? I downloaded the certificate to my trusted root store yet the error is still there? Not the most savvy when it comes to certificates any help is greatly appreciated.

Jaime Valencia · ‎01-28-2016

And did you install the root certificate from CUCM in your computer?? and you're logging in, using the CN which is defined in the certificate??

HTH

java

if this helps, please rate

paul.collins1.ctr1 · ‎01-28-2016

Did not download the root certificate from the CUCM. Just the certificate that pops up when you click on the certificate error box.

Jaime Valencia · ‎01-28-2016

That's also part of the authentication chain.

If you notice, if you go to your online banking, youtube, gmail, etc. You usually get a lock, green icon, etc. which means that

A) You trust, the guy who signed the certificate from their site. Pretty much any OS comes with built-in root certs to the most common public CAs for this to happen.

B) The site you're visiting, has a cert, which was signed by someone you already trust, which is point A, and you are reaching them by using the CN defined in their certificate. The CA already vouchs that they are who they claim they are.

In this case, you only have B, but since CUCM signed his own cert, you don't have that one, so, you're missing point A. You need to download the root cert from CUCM, and install it on your PC to complete the trust chain.

If you google certificates explanation, or ssl explanation, how ssl works, or similar, you can find plenty of info, and many videos on youtube that explain this in a lot more detail.

HTH

java

if this helps, please rate

paul.collins1.ctr1 · ‎01-28-2016

ok will read more into it, in the meantime how do I know which cert to download? When I got to Security> Certificate Management there is a long list of certificates.

Jaime Valencia · ‎01-28-2016

You need to look for the Tomcat certificates.

HTH

java

if this helps, please rate

paul.collins1.ctr1 · ‎01-28-2016

downloaded the tomcat cert to my machine and still getting that error.

Jaime Valencia · ‎01-28-2016

Have you installed it under the trusted root certs??

And are you using the exact CN that the certificate has in the URL??

HTH

java

if this helps, please rate

paul.collins1.ctr1 · ‎01-29-2016

yes to both

Deepak Rawat · ‎01-29-2016

Which browser are you using. In case it is IE, then try FF and when the certificate error comes, do below:

a) A page appears that states this connection is untrusted. Click I Understand the Risks, and then click Add Exception.
b) Ensure the Permanently store this exception check box is checked.
c) Click Confirm Security Exception.

Regards

Deepak

Nadav · ‎02-02-2016

Hi Paul,

Take a look at this:

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

If you're uploading the root certificate, you should be fine. There are several possible certificate warnings. Follow the procedure in the link and if you're still having problems after restarting Tomcat, make sure to write down the exact message you're getting.

You should also look at the comment section of the link, since there are some caveats which are addressed.