Hey Jaime, thanks again for

Matthew Martin · ‎01-07-2016

Hello All,

Cisco Unity Connection: 8.6.2ES120.24901-120

When I go the the web page for our Unity Connection Publisher server I receive an SSL warning for the server's certificate. I can add an exception for this and when I check out the Certificate's details, it shows that it expired on 7/25/2015.

So I would like to know what is involved in updating the Server's Certificate, or how to fix this, and if it's something that can be easily done..?

Any thoughts or suggestions would be greatly appreciated!

Thanks in Advance,
Matt

Jaime Valencia · ‎01-07-2016

First of all, is this a self signed certificate?? internal CA signed?? public CA signed??

HTH

java

if this helps, please rate

Matthew Martin · ‎01-07-2016

Hey Jaime, thanks for the reply. Much appreciated!

I believe it is Self-Signed, but I'm not positive. How can I find that out?

I thought I remember seeing "Self-signed" somewhere in the error message from my web browser, but I'm not seeing it at the moment

Thanks Again,
Matt

Jaime Valencia · ‎01-07-2016

Go to certificate management under the OS admin GUI and it will tell there.

You can take a look at this video I made:

https://supportforums.cisco.com/video/12627626/how-regenerate-self-signed-certificates-cucm-imp-and-cuc

Process is basically the same thing, some of the options might be named differently, or show differently in the GUI on 8.6

HTH

java

if this helps, please rate

Matthew Martin · ‎01-07-2016

Hey Jaime, thanks for the quick reply.

So I'm on the Certificate Management page of the CUC server, but I'm not quite sure which certificate is the one in question. See the screenshot below.

This Unity server's name is jwp-cuc01, so I'm guessing it's one of the highlighted ones in the screenshot below. If I download/save the certificate from my Firefox's certificate management window, it saves the cert as filename --> "jwp-cuc01". So I'm guessing it's the first highlighted one in the list below:

*The image is clearer if you right-click it and click "view image" or whatever your browser's option is to open the image...

Any idea which one it is?

Thanks,
Matt

Jaime Valencia · ‎01-07-2016

There's two things to this, A your tomcat-trust certs need to be valid, In new releases there's an extra column with that info, you can click on them and you should see the validity for them, if they're still valid, the one you need to regenerate, are NOT the ones you highlighted (again, assuming they're still valid) the one you would actually need to re-generate is the one on top, that only says tomcat on the certificate name, and says self-signed on the right column.

HTH

java

if this helps, please rate

Matthew Martin · ‎01-08-2016

Thanks for the reply Jaime!

Are there any side effects to re-generating the Certificate that I should be made aware of? I thought I remember there being some issues the last time we did this to one of our Unified Communications servers.

Thanks,

Matt

Jaime Valencia · ‎01-08-2016

Assuming you only need to take care of Tomcat, it's pretty seamless, you simply need to restart Tomcat after that for the new cert to be used, if you do require to regenerate other certs, that will depend on what/where you're using them, in particular, the callmanager cert can bring problems, if also working with other certs, see here

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-callmanager/116232-technote-sbd-00.html#anc13

HTH

java

if this helps, please rate

Matthew Martin · ‎01-11-2016

Hey Jaime, thanks again for the reply!

Ok, cool sounds good... Thanks for the info. Hopefully I'll be able to run this as soon as I get the go ahead to do so.

Thanks again, much appreciated!

-Matt

Fixing Certificate for Cisco Unity Connection