Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1747
Views
0
Helpful
4
Replies

CUCM Cluster Certificate

Sue Fallon
Level 1
Level 1

‎03-30-2017 04:09 AM - edited ‎03-19-2019 12:17 PM

Hello,

I wonder if anyone has any documentation regarding uploading a single certificate to all the subs and pub within CUCM?

I only need this certificate applied to the CUCM web pages.

Call Manager 10.5

Thanks in advance.

Sue

Labels:
0 Helpful
4 Replies 4

Jitender Bhandari
Cisco Employee
Cisco Employee

‎03-30-2017 04:38 AM

Hi Sue,

I think below should help

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

(Rate if it helps)

JB

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee

‎03-30-2017 07:02 AM

Create the CSR tomcat as multi-san, make sure that all your servers are there, if the CN has -ms at the end and you're going to use a public CA, adjust the CN as necessary, have it signed, then upload the certificate, as it's multi-san, it will be distributed to all the servers.

HTH

java

if this helps, please rate
0 Helpful

Sue Fallon
Level 1
Level 1
In response to Jaime Valencia

‎03-30-2017 08:05 AM

Thank you for your reply.

Can I ask a couple of things?

As I am running 10.5 and have 1 certificate with all my publisher, subscriber and Unity servers listed on that cert, when I upload this cert to the Publisher, will the publisher propagate down those certificates automatically?

Also, as I do not want to update ANY other certificate other than the web page (i.e. I DONT want to update the certificates else where such as the phones), will this have a service impact on my users (will the phones reset?)

Lastly, how do I upload the certificate? Which option do I choose? Tomcat or Tomcat-Turst or something else??

Thanks in advance

S

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to Sue Fallon

‎03-30-2017 09:00 AM

You CANNOT use the same certificate for CUCM and CUC. You need to generate a CSR for CUCM, and another one for CUC.

But yes, the certificates do propagate to other servers in the SAME cluster.

No, Tomcat certificate will just ask you to restart tomcat service, it would just affect tomcat related features, like web pages, directories, EM, etc.

See below

http://docwiki.cisco.com/wiki/Certificates_FAQ

https://youtu.be/SiCfhqlJyZI

You upload root/intermediate certificates to the x-trust store for which you generated the CSR, and you upload the server certificate to match the x of the trust store. ie tomcat-trust and tomcat.

HTH

java

if this helps, please rate
0 Helpful
Customers Also Viewed These Support Documents