Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
4
Replies

Use a real, trusted certificate for Click To Call

Go to solution
oasislegal
Level 1
Level 1

‎10-03-2013 11:01 AM - edited ‎03-19-2019 07:21 AM

Hi everyone. I see there are instructions on how to install a certificate from Call Manager so that it is trusted by client computers on this page:

http://www.cisco.com/en/US/products/ps9829/products_tech_note09186a0080c157da.shtml

The process describes running a command on every client computer to install it into the trusted certificates store.

My question is, can I instead generate a certificate using a trusted authority (in this case our windows domain controller) and install it in the call manager. This seems better to me because all the computers will automatically trust it, without having to touch each machine.

Is it as simple as Generate CSR on call manager, create certificate on DC, upload to call manager? After uploading, can I specify that click to call should use the new trusted certificate instead of the self signed one?

And the million dollar question of course! Is there any possibility that this will break anything?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎10-03-2013 06:29 PM 

Is there any possibility that this will break anything?

Yes if your cluster is in mixed mode (i.e. doing TLS/IPsec-protected signaling or SRTP media encryption)

Is it as simple as Generate CSR on call manager, create certificate on DC, upload to call manager?

Almost except you mean tomcat, not the callmanager process. You also need to restart the Tomcat service at the end of that sequence. Be sure that your certficate template on the MS CA matches the requirements:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/9_1_1/CUCM_BK_C5D96C80_00_cucm-os-admin-guide-91_chapter_0110.html#CUCM_RF_TF4B6BF0_00

Please remember to rate helpful responses and identify helpful or correct answers.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎10-03-2013 06:29 PM 

Is there any possibility that this will break anything?

Yes if your cluster is in mixed mode (i.e. doing TLS/IPsec-protected signaling or SRTP media encryption)

Is it as simple as Generate CSR on call manager, create certificate on DC, upload to call manager?

Almost except you mean tomcat, not the callmanager process. You also need to restart the Tomcat service at the end of that sequence. Be sure that your certficate template on the MS CA matches the requirements:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/9_1_1/CUCM_BK_C5D96C80_00_cucm-os-admin-guide-91_chapter_0110.html#CUCM_RF_TF4B6BF0_00

Please remember to rate helpful responses and identify helpful or correct answers.

0 Helpful

Go to solution
oasislegal
Level 1
Level 1
In response to Jonathan Schulenberg

‎10-04-2013 01:52 PM

I can see the certificates in our Call Manager web interface in Cisco OS Administration>Security>Certificates.

When you say tomcat, are you saying I don't use the above, but should be in a different iterface?

Sorry I'm a bit of a noob with this...

0 Helpful

Go to solution
oasislegal
Level 1
Level 1
In response to Jonathan Schulenberg

‎10-08-2013 05:45 PM

Hi again Jon- thanks for the reply. I successfully installed the tomcat & tomcat-trust certificate tonight on our call managers.

For anyone else installing certiciates, this page showed step by step what you need to do.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b43504.shtml

0 Helpful

Go to solution
ckgilliam
Level 1
Level 1

‎01-30-2014 03:26 PM

I am attempting the instructions but on our windows server the web option is not listed any ideas?

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents