07-17-2009 01:56 PM - edited 03-15-2019 07:00 PM
My management is wanting me to get rid of the certificate error messages when users access the CCMUser website. We are running CUCM 7.0(2).
I think I understand the instructions for generating the CSR and uploading the CA generated certificate as well as the CA's own certificate.
My question is what if I have to rebuild the system (with the same name) due to a system dying? If I understand correctly, I would need access to the private key in order to re-import the CA generated certificate. Where would I get a hold of that private key for secure storage in that situation?
Thanks.
Brian
07-23-2009 02:47 PM
Certificates are not replicated because they are something that is specific to the server. Even though you normally won't run into any security issues by re-using a certificate, best practice recommendations for PKI require each server to have its own certificate, and strongly recommend a new certificate for a server rebuild.
If the CSR and private key were generated by ACS, then it will be in a file already.
If the certificate was entirely generated on the CA server, then the private key is in Windows storage along with the certificate.
You can double-click on the enclosed file to get into certificate storage on your machine, and export the certificate as a PFX file, which includes the private key. Make sure to mark it exportable, and NOT turn on strong key protection. It is advisable to protect it with a lengthy password.
07-23-2009 03:22 PM
CUCM DRS will back up the certificates.
If you're asking the physical location, it's at /usr/local/platform/.security/tomcat/keys
Michael
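An added example, not part of the original thread: before re-importing a CA-issued certificate on a rebuilt server, a restored private key can be checked against the certificate by comparing the public key each one carries. The file arguments and the `KEY_PASSIN` variable are assumptions made for illustration, and both files are expected in PEM format.

```shell
#!/usr/bin/env bash
# Added example: confirm that a backed-up private key pairs with a
# CA-issued certificate. Paths are supplied by the caller (assumption).
# KEY_PASSIN is a hypothetical variable holding an openssl -passin value
# (for example "file:/path/to/passphrase") for an encrypted key.

# Return 0 if key and certificate carry the same public key,
# 1 if they differ, 2 if either file cannot be read or parsed.
key_matches_cert() {
    local key_file="$1" cert_file="$2" key_pub cert_pub

    # Derive the public key (SubjectPublicKeyInfo, PEM) from the private key.
    # A -passin value is always passed so an encrypted key never blocks on a prompt.
    key_pub=$(openssl pkey -in "$key_file" -pubout \
        -passin "${KEY_PASSIN:-pass:unused}" 2>/dev/null) || return 2

    # Extract the public key embedded in the certificate, same encoding.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || return 2

    # Treat empty output as a parse failure rather than a match.
    if [ -z "$key_pub" ] || [ -z "$cert_pub" ]; then
        return 2
    fi

    if [ "$key_pub" = "$cert_pub" ]; then
        return 0
    fi
    return 1
}

# When run with two arguments, report the result on the command line.
if [ "$#" -eq 2 ]; then
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "ERROR: could not read key or certificate" ;;
    esac
    exit "$rc"
fi
```

A mismatch means the certificate was issued against a CSR from a different key pair, so a new CSR and a newly issued certificate are needed.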