cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
1347
Views
0
Helpful
4
Replies
Sue Fallon
Beginner

CUCM Cluster Certificate

Hello,

I wonder if anyone has any documentation regarding uploading a single certificate to all the subs and pub within CUCM?

I only need this certificate applied to the CUCM web pages.

Call Manager 10.5

Thanks in advance.

Sue

4 REPLIES 4
Jitender Bhandari
Cisco Employee

Hi Sue,

I think below should help

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

(Rate if it helps)

JB

Jaime Valencia
Hall of Fame Cisco Employee

Create the CSR tomcat as multi-san, make sure that all your servers are there, if the CN has -ms at the end and you're going to use a public CA, adjust the CN as necessary, have it signed, then upload the certificate, as it's multi-san, it will be distributed to all the servers.

HTH

java

if this helps, please rate

Thank you for your reply.

Can I ask a couple of things?

As I am running 10.5 and have 1 certificate with all my publisher, subscriber and Unity servers listed on that cert, when I upload this cert to the Publisher, will the publisher propagate down those certificates automatically?

Also, as I do not want to update ANY other certificate other than the web page (i.e. I DONT want to update the certificates else where such as the phones), will this have a service impact on my users (will the phones reset?)

Lastly, how do I upload the certificate? Which option do I choose? Tomcat or Tomcat-Turst or something else??

Thanks in advance

S

Jaime Valencia
Hall of Fame Cisco Employee

You CANNOT use the same certificate for CUCM and CUC. You need to generate a CSR for CUCM, and another one for CUC.

But yes, the certificates do propagate to other servers in the SAME cluster.

No, Tomcat certificate will just ask you to restart tomcat service, it would just affect tomcat related features, like web pages, directories, EM, etc.

See below

http://docwiki.cisco.com/wiki/Certificates_FAQ

https://youtu.be/SiCfhqlJyZI

You upload root/intermediate certificates to the x-trust store for which you generated the CSR, and you upload the server certificate to match the x of the trust store. ie tomcat-trust and tomcat.

HTH

java

if this helps, please rate
Content for Community-Ad

Spotlight Awards 2021