
Installation of Verisign Intermediate and Root Certificates in CUCM

pwoll
Level 1

I recently had to replace expired tomcat certs in my CUCM publisher and Unity Connection servers. After generating a CSR and obtaining Verisign certificates for the servers, I had problems installing the necessary Verisign intermediate and root CA certificates.

The TAC helped me out. Following is a summary of the procedure that worked.

  • On the Verisign website there were four CA certs listed under Standard Intranet: primary intermediate, secondary intermediate, RSA root, DSA root
    • I downloaded the primary and secondary intermediate and saved as primary_intermediate.cer and secondary_intermediate.cer. I downloaded the RSA root and it saved as pca3-g5.cer.
    • Uploaded pca3-g5.cer as Certificate Name tomcat-trust. 
      • Do not enter anything in the Root Certificate line
      • This installed without a problem
    • Uploaded secondary_intermediate.cer as Certificate Name tomcat-trust
      • Got error: Could not parse certificate: java.io.IOException: Unsupported encoding
      • I opened the .cer on my Firefox browser and the cert showed fine.
      • Selected the Details tab and selected Copy to File
      • I selected the DER encoded binary X.509 format and saved the file 
        • Note that this file still uses .cer as an extension
      • Uploaded this to CUCM as tomcat-trust with Root Certificate listed as the name of the RSA root cert that I just loaded. In my case the name was VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem. Cisco TAC indicated that the suffix must be changed from .der to .pem
      • Now the cert uploads without a problem
    • After doing the same conversion on the primary intermediate cert, attempted to upload as Certificate Name tomcat-trust 
      • Upload failed with an error saying it’s a duplicate of the root
      • Apparently the primary intermediate cert was a copy of the root, so it wouldn’t load
      • This cert is not required
    • Now uploaded the new Verisign cert that I had purchased as Certificate Name tomcat.
      • Entered the name of the secondary intermediate cert as the Root Certificate, again replacing the suffix with .pem. In my case the name was VeriSign_Class_3_Secure_Server_CA_-_G3.pem
    • Restarted tomcat from cli
      • utils service restart tomcat
      • On Unity it was
        • utils service restart Cisco Tomcat
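An added example, not part of the original post and not Cisco tooling: a pre-upload check for the two errors in the procedure above. It reports how each downloaded .cer is actually encoded (the extension does not say) and flags a file whose certificate is identical to one already listed, as the primary intermediate was to the root. The sample bytes are constructed placeholders rather than real certificates, and the encoding given to each file name is an assumption for illustration.

```python
import base64, hashlib, re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data):
    """Return (encoding, der_bytes); encoding is 'PEM', 'DER' or 'unknown'."""
    m = PEM_RE.search(data)
    if m:
        try:
            return "PEM", base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            return "unknown", None
    # DER: an ASN.1 SEQUENCE (tag 0x30) whose length covers exactly the rest of the file.
    if len(data) > 2 and data[0] == 0x30:
        if data[1] < 0x80:
            hdr, length = 2, data[1]
        else:
            n = data[1] & 0x7F
            hdr, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
        if hdr + length == len(data):
            return "DER", data
    return "unknown", None

def preflight(files):
    """files: {filename: bytes}. Returns (filename, encoding, sha256, duplicate_of) rows."""
    seen, rows = {}, []
    for name, data in files.items():
        enc, der = to_der(data)
        fp = hashlib.sha256(der).hexdigest() if der else None
        dup = seen.get(fp) if fp else None
        if fp and dup is None:
            seen[fp] = name
        rows.append((name, enc, fp, dup))
    return rows

# Constructed sample input: SEQUENCE-wrapped filler bytes, not real certificates.
def fake_der(body):
    return b"\x30\x82" + len(body).to_bytes(2, "big") + body

def pem(der):
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

ROOT, INTER = fake_der(b"constructed-root" * 20), fake_der(b"constructed-inter" * 20)
SAMPLE = {"pca3-g5.cer": ROOT, "secondary_intermediate.cer": pem(INTER),
          "primary_intermediate.cer": pem(ROOT)}

if __name__ == "__main__":
    for name, enc, fp, dup in preflight(SAMPLE):
        print(f"{name:28}{enc:8}{(fp or '-')[:16]}  {'same cert as ' + dup if dup else ''}")
```

The duplicate check compares SHA-256 over the decoded DER bytes, so the same certificate is recognised whether one copy is PEM and the other DER.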