Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1670
Views
15
Helpful
4
Replies

Queston about Unity Connection certificates

Go to solution
FAST-DETECT
Level 1
Level 1

‎04-16-2022 07:17 AM

Hey guys,

 

I just upgraded our unity connection server 11.5 from 11900 to 22900. Upgrade went well (according to logs) and the box boots 22900 (according to the console prompt). However the tomcat services were not coming up (no https possible)

 

While looking through the console, I got spammed with expired certificate messages, and realized that the certficates actually had expired. I regenerated the tomcat certificate via the CLI console and restarted tomcat. After a short time the https services like unity administration page and OS administration page were back up.

 

I continued within the webinterface to regenerate the remaining certificates. However there are two certificates that I can't renew: callmanger-trust in the RSA and EC variant. I remembered that trust certificates needed to be deleted before they can be regenerated so I delted the EC version. (Might have been a mistake though).

 

When I click the "generate certifcate" button it doesn't let me select a callmanger certificate. Only options on Unity Connection are:

  • tomcat
  • tomcat-ECDSA
  • ipsec
  • authz

I wonder where that callmanger-trust certificate comes from. It is *not* the callmanger certificate from my CUCM box, because it clearly says:  cuc.dmain.tld with the certificate which is the hostname of my Unity connection. My CUCM box is called cucm.domain.tld 

 

Also on my cucm the callmanger-trust certficate has a differnt fingerprint. Since I don't use SIP SSL between the systems and have never installed a callmanger-trust certificate on the CUC box I wonder where it comes from and if it is actually needed - and if so how do I regenerate it?

 

regards

Fabian

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roger Kallberg
VIP
VIP

‎04-16-2022 09:12 AM

The CVOS on CUC and CM was at one point the same, so CUC had the Callmanager certificate. In resent versions this is not so, in these the Callmanager certificate is not actually needed.



Response Signature


View solution in original post

4 Replies 4

Go to solution
Roger Kallberg
VIP
VIP

‎04-16-2022 09:12 AM

The CVOS on CUC and CM was at one point the same, so CUC had the Callmanager certificate. In resent versions this is not so, in these the Callmanager certificate is not actually needed.



Response Signature


Go to solution
Sadav Ansari
VIP Alumni
VIP Alumni

‎04-16-2022 10:12 AM

There is no Call manager certificate on CUC because Call manager services not applicable for cuc its only for cucm.

 

So once you regenerate the Call manager trust certificate on CUCm it will automatically regenerate on CUC, IMP.

you need to restart all the nodes on you cluster.

 

Pls rate if its “Helpful”. If this answered your question pls click “Accept as Solution”.

 

Sadav Ansari 

Go to solution
Roger Kallberg
VIP
VIP
In response to Sadav Ansari

‎04-16-2022 10:23 AM

AFAIK the CM Callmanager certificate is not distributed to CUC automatically. There is no such tight integration between these two.



Response Signature


Go to solution
FAST-DETECT
Level 1
Level 1
In response to Roger Kallberg

‎04-16-2022 10:56 AM

Yes, it doesn't seem to be distributed automatically. However between cucm and cuimp certificates are exchanged automaticall.

 

Also thanks for your swift replies, saved my easter weekend

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents