CUCM tomcat certificate

Unanswered Question
Aug 31st, 2009


I have a CUCM 6.1.3 cluster. I would like to generate a custom certificate for tomcat service in order to control warnings in the CCMUser webpage.

I followed the Security guide:

1. Generated a CSR.

2. Downloaded it.

3. Generated a certificate thanks to a CA.

4. Uploaded the tomcat-trust CA certificate.

5. Uploaded the issued CUCM certificate.

6. Restarted the Tomcat service.

Everything is working:

- The new SSL certificate is the new one I uploaded, trusted by my own CA (checked in the cert properties).

This new certificate contains a CN equals to "hostname.domain name given during the installation" (ie. cucmlab.voip.local).

Now, I would like to give to users a user-friendly URL like "" resolved by the DNS to my CUCM first node.

But I don't know how. The generated CSR contains automatically a default CN built with the hostname of the node and the domain name given during installation. I cannot specify a custom CN like "".

Is there a solution to force the CN or the CSR in order to generate a certificate in relation with the user-friendly URL?

Thank you for your help.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
shawilson Mon, 08/31/2009 - 10:53


It sounds like you will need to issue a certificate that contains Subjet Alternate Names; or a SAN certificate to accomplish this. It allows you to have multiple names in one web certificate. Just do a search for creating SAN certificates in google and you will get tons of info.

Yorick Petey Mon, 08/31/2009 - 22:55


I think you are right, SAN certificate is the solution of our needs.

I did some searches on the NetPro forum and apparently there is a command to add an Alternate Name to the CSR: "set web-security alternate-host-name hostname".

Unfortunately, this command seems to be present only from the 7.0 versions and I run a 6.1.3 version...

If someone knows a workaround, customer will keep the certificate error messages until he will upgrade to 7.1. :(

Bad news.



This Discussion