04-16-2022 07:17 AM
Hey guys,
I just upgraded our unity connection server 11.5 from 11900 to 22900. Upgrade went well (according to logs) and the box boots 22900 (according to the console prompt). However the tomcat services were not coming up (no https possible)
While looking through the console, I got spammed with expired certificate messages, and realized that the certficates actually had expired. I regenerated the tomcat certificate via the CLI console and restarted tomcat. After a short time the https services like unity administration page and OS administration page were back up.
I continued within the webinterface to regenerate the remaining certificates. However there are two certificates that I can't renew: callmanger-trust in the RSA and EC variant. I remembered that trust certificates needed to be deleted before they can be regenerated so I delted the EC version. (Might have been a mistake though).
When I click the "generate certifcate" button it doesn't let me select a callmanger certificate. Only options on Unity Connection are:
I wonder where that callmanger-trust certificate comes from. It is *not* the callmanger certificate from my CUCM box, because it clearly says: cuc.dmain.tld with the certificate which is the hostname of my Unity connection. My CUCM box is called cucm.domain.tld
Also on my cucm the callmanger-trust certficate has a differnt fingerprint. Since I don't use SIP SSL between the systems and have never installed a callmanger-trust certificate on the CUC box I wonder where it comes from and if it is actually needed - and if so how do I regenerate it?
regards
Fabian
Solved! Go to Solution.
04-16-2022 09:12 AM
The CVOS on CUC and CM was at one point the same, so CUC had the Callmanager certificate. In resent versions this is not so, in these the Callmanager certificate is not actually needed.
04-16-2022 09:12 AM
The CVOS on CUC and CM was at one point the same, so CUC had the Callmanager certificate. In resent versions this is not so, in these the Callmanager certificate is not actually needed.
04-16-2022 10:12 AM
There is no Call manager certificate on CUC because Call manager services not applicable for cuc its only for cucm.
So once you regenerate the Call manager trust certificate on CUCm it will automatically regenerate on CUC, IMP.
you need to restart all the nodes on you cluster.
Pls rate if its “Helpful”. If this answered your question pls click “Accept as Solution”.
Sadav Ansari
04-16-2022 10:23 AM
AFAIK the CM Callmanager certificate is not distributed to CUC automatically. There is no such tight integration between these two.
04-16-2022 10:56 AM
Yes, it doesn't seem to be distributed automatically. However between cucm and cuimp certificates are exchanged automaticall.
Also thanks for your swift replies, saved my easter weekend
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide