I wonder if anyone has any documentation regarding uploading a single certificate to all the subs and pub within CUCM?
I only need this certificate applied to the CUCM web pages.
Call Manager 10.5
Thanks in advance.
Create the CSR tomcat as multi-san, make sure that all your servers are there, if the CN has -ms at the end and you're going to use a public CA, adjust the CN as necessary, have it signed, then upload the certificate, as it's multi-san, it will be distributed to all the servers.
Thank you for your reply.
Can I ask a couple of things?
As I am running 10.5 and have 1 certificate with all my publisher, subscriber and Unity servers listed on that cert, when I upload this cert to the Publisher, will the publisher propagate down those certificates automatically?
Also, as I do not want to update ANY other certificate other than the web page (i.e. I DONT want to update the certificates else where such as the phones), will this have a service impact on my users (will the phones reset?)
Lastly, how do I upload the certificate? Which option do I choose? Tomcat or Tomcat-Turst or something else??
Thanks in advance
You CANNOT use the same certificate for CUCM and CUC. You need to generate a CSR for CUCM, and another one for CUC.
But yes, the certificates do propagate to other servers in the SAME cluster.
No, Tomcat certificate will just ask you to restart tomcat service, it would just affect tomcat related features, like web pages, directories, EM, etc.
You upload root/intermediate certificates to the x-trust store for which you generated the CSR, and you upload the server certificate to match the x of the trust store. ie tomcat-trust and tomcat.