03-19-2010 10:17 AM
on my subscribers crashed the other day. after we were able get back up we found out that the certificates are messed up also. is there a way a can get a new certificates without reinstalling the entire software?
ccm v. 4.1.3 subscriber.
03-19-2010 03:43 PM
I assume you are talking about the SSL certificate for IIS, is this correct?
03-22-2010 06:06 AM
Yes, david it is..
03-22-2010 06:18 AM
I'll have to double check documentation but off-hand I don't see any
reason why you can't regenerate new certs via IIS and then install
just like you would if you were enabling SSL on any Windows box. I'm
not on the forum right now so refresh me, this CCM 4.1 right on Win2K.
Sent from my iPhone
On Mar 22, 2010, at 9:07 AM, lkinchen
03-22-2010 06:32 AM
Yes, that is correct..
03-22-2010 07:44 AM
So, you can see if you can recover the default certificate or just install a new certificate. The simplest way to do this is to configure a standalone root CA in Windows. The information you need to know about the cert is when you install/upgrade Cisco CallManager, the SSL self-signed certificate, httpscert.cer, automatically installs on the IIS default website that hosts the Cisco CallManager virtual directories, which include CCMAdmin, CCMService, CCMUser, AST, BAT, RTMTReports, CCMTraceAnalysis, PktCap, ART, and CCMServiceTraceCollectionTool. The SSL certificate gets stored in the C:\Program Files\Cisco\Certificates directory. If you prefer to do so, you can install a server authentication certificate from a certificate authority and use it instead of the SSL self-signed certificate. To use the certificate authority certificate after the Cisco CallManager installation/upgrade, you must delete the self-signed certificate, as described in the Cisco CallManager Security Guide. Then, you install the server authentication certificate that is provided by the certificate authority, as described in the certificate authority documentation.
Windows, well TechNet, has more than ample info on setup of a standalone root CA unless you decide to go with a 3rd-party like Verisign. You may be able to recover the original certificate from the Subscriber. I'd see if the file is still there and then check the IIS settings to see if it needs to just be reassociated with the Default Web Site.
Hailey
Please rate helpful posts!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: