Callmanager Subscriber crashed lost certificate

Unanswered Question
Mar 19th, 2010
User Badges:

on my subscribers crashed the other day.  after we were able get back up we found out that the certificates are messed up  also. is there a way a can get a new certificates without reinstalling the entire software?

ccm v. 4.1.3 subscriber.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
David Hailey Fri, 03/19/2010 - 15:43
User Badges:
  • Purple, 4500 points or more

I assume you are talking about the SSL certificate for IIS, is this correct?

David Hailey Mon, 03/22/2010 - 06:18
User Badges:
  • Purple, 4500 points or more

I'll have to double check documentation but off-hand I don't see any

reason why you can't regenerate new certs via IIS and then install

just like you would if you were enabling SSL on any Windows box. I'm

not on the forum right now so refresh me, this CCM 4.1 right on Win2K.

Sent from my iPhone

On Mar 22, 2010, at 9:07 AM, lkinchen

David Hailey Mon, 03/22/2010 - 07:44
User Badges:
  • Purple, 4500 points or more

So, you can see if you can recover the default certificate or just install a new certificate.  The simplest way to do this is to configure a standalone root CA in Windows.  The information you need to know about the cert is when you install/upgrade Cisco CallManager, the SSL self-signed certificate, httpscert.cer, automatically installs on  the IIS default website that hosts the Cisco CallManager virtual  directories, which include CCMAdmin, CCMService, CCMUser, AST, BAT,  RTMTReports, CCMTraceAnalysis, PktCap, ART, and  CCMServiceTraceCollectionTool. The SSL certificate gets stored in the  C:\Program Files\Cisco\Certificates directory. If you prefer to do so, you can install a server authentication certificate from a certificate  authority and use it instead of the SSL self-signed certificate. To  use the certificate authority certificate after the Cisco CallManager  installation/upgrade, you must delete the self-signed certificate, as  described in the Cisco CallManager Security Guide.  Then, you install the server authentication certificate that is  provided by the certificate authority, as described in the certificate  authority documentation.

Windows, well TechNet, has more than ample info on setup of a standalone root CA unless you decide to go with a 3rd-party like Verisign.  You may be able to recover the original certificate from the Subscriber.  I'd see if the file is still there and then check the IIS settings to see if it needs to just be reassociated with the Default Web Site.


Please rate helpful posts!


This Discussion