CUCM CA generated Certificate - how to get access to private key

Unanswered Question
Jul 17th, 2009

My management is wanting me to get rid of the certificate error messages when users access the CCMUser website. We are running CUCM 7.0(2).

I think I understand the instructions for generating the CSR and uploading the CA generated certificate as well as the CA's own certificate.

My question is what if I have to rebuild the system (with the same name) due to a system dying? If I understand correctly, I would need access to the private key in order to re-import the CA generated certificate. Where would I get a hold of that private key for secure storage in that situation?



ivillegas Thu, 07/23/2009 - 14:47

Certificates are not replicated because they are something that is specific to the server. Even though you normally won't run into any security issues by re-using a certificate, best practice recommendations for PKI require each server to have its own certificate, and strongly recommend a new certificate for a server rebuild.

If the CSR and private key were generated by ACS, then it will be in a file already.

If the certificate was entirely generated on the CA server, then the private key is in Windows storage along with the certificate.

You can double-click on the enclosed file to get into certificate storage on your machine, and export the certificate as a PFX file, which includes the private key. Make sure to mark it exportable, and do NOT turn on strong key protection. It is advisable to protect it with a lengthy password.
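
The PFX export described in the reply above can also be scripted and the resulting backup checked before it is relied on for a rebuild. The PowerShell below is an added example, not part of the original thread or of any Cisco tooling; it assumes a Windows machine with the PKI module, and the store path, subject and output path are placeholders.

```powershell
# Added example: export a certificate plus private key to a password-protected
# PFX, then reopen the PFX to confirm the backup is usable.
# Assumptions: store path, subject and output path are placeholders.
$storePath = 'Cert:\LocalMachine\My'            # assumed store location
$subject   = 'CN=cucm-pub.example.com'          # placeholder subject
$pfxPath   = 'C:\secure-backup\cucm-pub.pfx'    # placeholder output path

# Select exactly one certificate so the wrong key is never backed up by accident.
$found = @(Get-ChildItem -Path $storePath |
    Where-Object { $_.Subject -like "$subject*" })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate for '$subject', found $($found.Count)."
}
$cert = $found[0]

# Without an associated private key the certificate cannot be re-imported later.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key in this store."
}

# Prompt for the PFX password so it never appears in the script or shell history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# The export fails if the key was not marked exportable when it was created.
try {
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath `
        -Password $password -ErrorAction Stop | Out-Null
} catch {
    throw "Export failed (key may not be exportable): $($_.Exception.Message)"
}

# Verify the backup: load the PFX with the same password and compare it
# against the certificate that is still in the store.
$restored = New-Object `
    System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $password
if ($restored.Thumbprint -ne $cert.Thumbprint) {
    throw 'PFX contains a different certificate than the one selected.'
}
if (-not $restored.HasPrivateKey) {
    throw 'PFX was written without the private key.'
}
"Backup verified: $($restored.Subject) [$($restored.Thumbprint)] -> $pfxPath"
```

Store the PFX and its password separately, and restrict file-system access to the backup location.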

