cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
901
Views
0
Helpful
5
Replies

Callmanager Subscriber crashed lost certificate

lkinchen
Level 1
Level 1

on my subscribers crashed the other day.  after we were able get back up we found out that the certificates are messed up  also. is there a way a can get a new certificates without reinstalling the entire software?

ccm v. 4.1.3 subscriber.

5 Replies 5

David Hailey
VIP Alumni
VIP Alumni

I assume you are talking about the SSL certificate for IIS, is this correct?

Yes, david it is..

I'll have to double check documentation but off-hand I don't see any

reason why you can't regenerate new certs via IIS and then install

just like you would if you were enabling SSL on any Windows box. I'm

not on the forum right now so refresh me, this CCM 4.1 right on Win2K.

Sent from my iPhone

On Mar 22, 2010, at 9:07 AM, lkinchen

Yes, that is correct..

So, you can see if you can recover the default certificate or just install a new certificate.  The simplest way to do this is to configure a standalone root CA in Windows.  The information you need to know about the cert is when you install/upgrade Cisco CallManager, the SSL self-signed certificate, httpscert.cer, automatically installs on  the IIS default website that hosts the Cisco CallManager virtual  directories, which include CCMAdmin, CCMService, CCMUser, AST, BAT,  RTMTReports, CCMTraceAnalysis, PktCap, ART, and  CCMServiceTraceCollectionTool. The SSL certificate gets stored in the  C:\Program Files\Cisco\Certificates directory. If you prefer to do so, you can install a server authentication certificate from a certificate  authority and use it instead of the SSL self-signed certificate. To  use the certificate authority certificate after the Cisco CallManager  installation/upgrade, you must delete the self-signed certificate, as  described in the Cisco CallManager Security Guide.  Then, you install the server authentication certificate that is  provided by the certificate authority, as described in the certificate  authority documentation.

Windows, well TechNet, has more than ample info on setup of a standalone root CA unless you decide to go with a 3rd-party like Verisign.  You may be able to recover the original certificate from the Subscriber.  I'd see if the file is still there and then check the IIS settings to see if it needs to just be reassociated with the Default Web Site.

Hailey

Please rate helpful posts!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: