10-20-2015 06:24 AM - edited 03-19-2019 10:15 AM
Hi
I used a Microsoft CA to sign the generated CSR from CUCM, CUC and IMP. I then installed the root CA on all these servers as tomcat-trust and uploaded the server signed certificates as tomcat. These servers are still using self signed certs after issuing the command
utils service restart Cisco Tomcat. Show web-security shows the root CA as the issuer of the UC app cert. Been battling this for sometime, what am I missing?
Thanks
Solved! Go to Solution.
10-20-2015 06:37 AM
What version??
I just uploaded a video yesterday on that procedure
https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca
Rob mentioned a few days ago a bug that you also had to restart the TFTP service, might want to try that.
Do you actually see the certs you uploaded under cert management???
10-20-2015 06:35 AM
Hi Nkechi,
Please ensure that you are uploading the intermediate certificates as well to the OS Admin as tomcat-trust if they are part of the chain.
Refer to below post for more information on this:
https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates
If you still cannot find a way around, let me know the exact steps you are following in order to apply the CA -Signed certificate. Post all the steps i.e., from generating the CSR, getting it signed, uploading it back everything.
Regards
Deepak
10-20-2015 06:37 AM
What version??
I just uploaded a video yesterday on that procedure
https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca
Rob mentioned a few days ago a bug that you also had to restart the TFTP service, might want to try that.
Do you actually see the certs you uploaded under cert management???
10-20-2015 07:55 AM
Thanks all
Jamie video cleared it up for me. I was good with the tomcat cert, for some dumb reason I was expecting the callmanager cert to change as well. For other dumb @$$ like me out there :) you need to do the same procedure for each self signed cert.
Nki
10-20-2015 06:42 AM
Can you post a screen shot of the certificate from web browser, simply click on view certificate next to the URL link.
Also, I am assuming you issued the certs with FQDNs and not IP addresses, if so ensure you point to FQDNs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide