
CUCM Tomcat Certificate import problem

Hi,

I have a problem uploading a GlobalSign signed certificate as tomcat certificate on my 11.5.1 CUCM.

Uploading the certificate as Callmanager-Trust certificate worked perfectly. However, when I try to upload it as tomcat certificate, I get the error 'File '/usr/local/platform/.security/tomcat/keys/tomcat.csr' does not exist'.

 

When selecting tomcat as certificate purpose in the certificate upload wizard, the description is automatically set as 'Self-signed certificate'. For the other certificate purposes, this is left blank.

 

I can also upload the certificate as a tomcat-trust certificate (it lists the new expiration date in the Certificate List), but as soon as I restart the Tomcat service, the new certificate is gone and the old one is back.

 

I do not think the certificate was created based on a CUCM-generated CSR (someone else in my company sent me this cert, so I'm unsure). Is generating a CSR first the only way to do it?

 

I am fairly new to certificates. Is there anyone that can shed some light on this?

 

Thanks in advance!

Accepted Solution

You can generate a self-signed certificate from CUCM.

Or, if you need to use a CA-signed certificate, generate a CSR and get it signed by an internal or external CA.

You need to generate a CSR each time.

 

 



4 Replies

 

 

Looks like there is no CSR generated for the tomcat service. Have you generated the CSR for tomcat?

 

Upload the Root CA on Tomcat trust first and then upload the server certificate.

 

When selecting tomcat as certificate purpose in the certificate upload wizard, the description is automatically set as 'Self-signed certificate'. For the other certificate purposes, this is left blank. This is normal.

 



Thank you for your answer.

 

There is an active cert for tomcat that will expire soon. Is it possible that the new certificates are generated based on this?

Does a new CSR need to be generated every time the tomcat certificate has to be renewed? Or can this be re-used?

 

Thanks in advance.



You would be able to see in the list if there are any CSRs for Tomcat present. If it’s not, the certificate was either not created based upon a CSR for Tomcat or the CSR was created on another system. Less likely is that someone removed the CSR. Either way, without a CSR you’re not going to be able to upload the CER file.

For any CA there is at least a root certificate to upload into the trust store, likely also an intermediate certificate. Have you uploaded these into the Tomcat trust store?
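A check for the question raised in this thread, added here as an example and not part of the original posts: it compares the public key in a signed certificate with the public key in a CSR, which tells you whether the certificate was issued from that CSR. The function names, file names and host name are hypothetical, and the sample files are constructed with throwaway keys; it assumes `openssl` is installed and that you have the node's CSR as a PEM file.

```shell
#!/usr/bin/env bash
# Added example: was this signed certificate issued from this CSR?
# The public key in the certificate must equal the public key in the CSR,
# because only the system that made the CSR holds the matching private key.

# Print the PEM public key from a certificate (x509) or a CSR (req).
pubkey_pem() {  # usage: pubkey_pem x509|req FILE
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# 0 = same key pair, 1 = different key pair, 2 = a file could not be parsed.
cert_matches_csr() {  # usage: cert_matches_csr CERT.pem REQUEST.csr
    cert_key=$(pubkey_pem x509 "$1") || return 2
    csr_key=$(pubkey_pem req "$2") || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Constructed sample files (throwaway keys, hypothetical host name).
make_samples() {  # usage: make_samples DIR
    subj="/CN=cucm-pub.example.test"
    # Key + CSR standing in for a CSR generated on the node itself.
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$1/node.key" -out "$1/tomcat.csr" 2>/dev/null || return 1
    # Certificate issued from that CSR (self-signed here instead of a CA).
    openssl x509 -req -in "$1/tomcat.csr" -signkey "$1/node.key" -days 1 \
        -out "$1/from_csr.pem" 2>/dev/null || return 1
    # Same subject, but the key pair was created somewhere else.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "$subj" -days 1 \
        -keyout "$1/other.key" -out "$1/elsewhere.pem" 2>/dev/null
}

# With two arguments, check real files; with none, run the constructed demo.
if [ $# -eq 2 ]; then
    if cert_matches_csr "$1" "$2"; then echo "certificate matches CSR"
    else echo "certificate does NOT match CSR (or unreadable file)"; fi
elif [ $# -eq 0 ]; then
    demo=$(mktemp -d) && make_samples "$demo"
    for f in from_csr.pem elsewhere.pem; do
        if cert_matches_csr "$demo/$f" "$demo/tomcat.csr"
        then echo "$f: matches tomcat.csr"
        else echo "$f: different key pair"; fi
    done
    rm -rf "$demo"
fi
```

A certificate that reports a different key pair was requested from a key generated elsewhere, which is the case where the upload has no pending CSR to pair with.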


