10-16-2013 07:22 AM - edited 03-19-2019 07:24 AM
hi
in order to placate my jabber 9.2.5 clients (which prompts users to trust the unity connection tomcat SSL certificate) i thought it would perhaps be easier to replace the self signed tomcat SSL certificate with one issued by my windows enterprise CA and i found this guide
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsag215.pdf
so the steps i have taken are
1) Generated a CSR for tomcat
2) went to my windows enterprise CA server (2008r2 and not 2003 btw) and tried to submit new request but this failed with error
Certificate Request Processor
The request contains no certificate template information. 0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, the request does not contain a certificate template extension or the Certificate Template request attribute.
so i found out you can run a cmd line
certreq -submit -attrib "CertificateTemplate:WebServer" <Cert Request.req>
i did this and it saved the new SSL certificate. i then exported the issuer certificate from the windows enterprise CA and uploaded it as tomcat-trust
but now i run into the following issue
the document says
Upload the server certificate:
On the Certificate List page, select Upload Certificate.
On the Upload Certificate page, in the Certificate Name list, select tomcat.
In the Root Certificate field, enter the filename of the issuer certificate that you uploaded in Step 3.
Select Browse, and browse to the location of the server certificate.
but there is no root certificate field, all i can see is
certificate name : tomcat
Description: self-signed certificate (this is greyed out so i cannot enter anything there)
Upload File (choose File)
I can of course upload the windows enterprise CA signed certificate for the unity connection server but i am not sure if this is correct given i cannot enter the root Certificate Field
once i have done this on the unity connection server i need to repeat the same process for the CUCM and CUPS servers. i thought i'd try unity connection first as nobody ever connects via IMAP or HTTPS (except me) so it is a good test bed.
has anyone replaced the self signed tomcat SSL certificates with a windows enterprise CA signed (2008 r2) SSL certificate, and did you encounter the same issue? if so, how did you resolve it? or if you have a recommendation that would be great too
many thanks
10-16-2013 09:02 AM
Hi,
You will have to upload the Root CA to Unity Connection under the tomcat-trust section and once that is complete, upload the signed certificate to tomcat.
The process is same for CUCM/CUPS. Upload root ca to tomcat-trust and then upload the signed cert to tomcat.
Please rate useful posts.
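A pre-upload check for the sequence in the answer above, added here as an example and not part of the original thread: it uses OpenSSL to confirm that the signed certificate chains to the root CA intended for tomcat-trust and that it carries the public key from the tomcat CSR. The function names, file names, demo CA and host names are constructed stand-ins, and the functions expect PEM-encoded files.

```shell
#!/usr/bin/env bash
# Pre-upload checks for a CA-signed tomcat certificate (added example).

# chain_ok ROOT_PEM SERVER_PEM -> 0 if SERVER_PEM verifies against ROOT_PEM
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_csr CSR_PEM SERVER_PEM -> 0 if the cert carries the CSR's public key
key_matches_csr() {
    local csr_key cert_key
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    cert_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_key" ] && [ "$csr_key" = "$cert_key" ]
}

# make_demo_pki DIR: build constructed sample files that stand in for the
# Windows CA export (root.pem), the tomcat CSR and the certreq output.
make_demo_pki() {
    local d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Constructed Demo Root CA' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # CSR as the server would generate it, then signed by the demo root
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=cuc.example.test" \
        -keyout "$d/tomcat.key" -out "$d/tomcat.csr" 2>/dev/null
    openssl x509 -req -in "$d/tomcat.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/tomcat.pem" 2>/dev/null
    # Unrelated self-signed certificate: must fail both checks
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -subj "/CN=other.example.test" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}
```

Run both checks against the real root export, CSR and signed certificate before uploading; a failure of either means the upload to tomcat would install a certificate that does not match the trust entry or the server's private key.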