Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1509
Views
5
Helpful
4
Replies

CUCM, CUC and IMP Certificate install

Go to solution
Nkechi Latunji
Level 1
Level 1

‎10-20-2015 06:24 AM - edited ‎03-19-2019 10:15 AM

Hi

I used a Microsoft CA to sign the generated CSR from CUCM, CUC and IMP. I then installed the root CA on all these servers as tomcat-trust and uploaded the server signed certificates as tomcat. These servers are still using self signed certs after issuing the command

 

utils service restart Cisco Tomcat. Show web-security shows the root CA as the issuer of the UC app cert. Been battling this for sometime, what am I missing?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎10-20-2015 06:37 AM

What version??

I just uploaded a video yesterday on that procedure

https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca

Rob mentioned a few days ago a bug that you also had to restart the TFTP service, might want to try that.

Do you actually see the certs you uploaded under cert management???

HTH

java

if this helps, please rate

View solution in original post

4 Replies 4

Go to solution
Deepak Rawat
Cisco Employee
Cisco Employee

‎10-20-2015 06:35 AM

Hi Nkechi,

 

Please ensure that you are uploading the intermediate certificates as well to the OS Admin as tomcat-trust if they are part of the chain.

 

Refer to below post for more information on this:

https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates

 

If you still cannot find a way around, let me know the exact steps you are following in order to apply the CA -Signed certificate. Post all the steps i.e., from generating the CSR, getting it signed, uploading it back everything.

 

Regards

Deepak

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎10-20-2015 06:37 AM

What version??

I just uploaded a video yesterday on that procedure

https://supportforums.cisco.com/video/12675036/how-sign-certificates-microsoft-ca

Rob mentioned a few days ago a bug that you also had to restart the TFTP service, might want to try that.

Do you actually see the certs you uploaded under cert management???

HTH

java

if this helps, please rate

Go to solution
Nkechi Latunji
Level 1
Level 1
In response to Jaime Valencia

‎10-20-2015 07:55 AM

Thanks all

Jamie video cleared it up for me. I was good with the tomcat cert, for some dumb reason I was expecting the callmanager cert to change as well. For other dumb @$$ like me out there :) you need to do the same procedure for each self signed cert.

 

Nki

0 Helpful

Go to solution
Chris Deren
Hall of Fame
Hall of Fame

‎10-20-2015 06:42 AM

Can you post a screen shot of the certificate from web browser, simply click on view certificate next to the URL link. 

Also, I am assuming you issued the certs with FQDNs and not IP addresses, if so ensure you point to FQDNs.

0 Helpful
Customers Also Viewed These Support Documents