cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1299
Views
0
Helpful
2
Replies

Certificate for CallManager user page web access

dhcchan
Level 1
Level 1

Dear all,

My customer is using CallManager version 7.1. Whenever user access the CallManager user web page by Internet Explorer 7, user get a page talking about the website's security certificate. They need to click on "Continue to this website".

May I ask can this problem be solved by installing a suitable certificate?

Also,user will access this server from internal(by key in private IP address) and Internet(by key in real public IP address). May I ask after I install a suitable certificate, will customer not receive such security message no matter access from internal (by key in private IP addres) and Internet (by key in real public IP address)?

thanks a lot

David

2 Replies 2

Jonathan Schulenberg
Hall of Fame
Hall of Fame

You can install a certificate that is signed by a CA that the clients trust. If the customer has an internal CA, they can use that. Otherwise they can buy a certificate from a CA such as Verisign.

You need to import the CA root certificate into the "tomcat-trust" store. You can generate a CSR for tomcat and import that as the "tomcat" certificate after it is signed. I would recommend downloading the self-signed certificate before deleting it AFTER you have uploaded your new certificates. This must be done for every server in the cluster.

Cisco Unified Communications Operating System Administration Guide, Release 7.1(2)

http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/osg_712_cm.html

As a side note: I don't recommend making UCM available directly from the internet. Typical deployments require VPN access so a firewall can protect it more effectively.

htluo
Level 9
Level 9

The security warning was because the client PC does not trust the CUCM certificate.

There's are two scenarios when the certificate is not trusted:

Scenario 1: The issuer of the cert is not in PC's trust store.

Solution: This can be fixed by viewing the cert and import it into the trust store.

Scenario 2: The hostname you're using to request the HTTPS does not match the name in the certificate. e.g. you type https://192.168.1.100. But the name in certificate is cucm.acme.local

Solution: If you're running CUCM 7, you may use "set web-security" command to add alternate name to the cert.

Michael

http://htluo.blogspot.com

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: