CallManager AXL and Webdialer customer CA certificate

Answered Question
May 10th, 2010

Hi,

I'm using CUCM7.01 and AXL and Webdialer requests. I have to use the customer's CA certificate for the user's browsers to accept automaticaly the CUCM certificate.

1) Do I have to configure the CUCM with DNS and domain name to have the FQDN in the CSR ? or simply enter the host A in DNS for user's name resolution without the CUCM having a domain name and having only hostname in CSR ?

2) Which of theese (CallManager or Tomcat certificate) do I have to upload for Webdialer and for AXL requests ?

Thanks in advance

Guy

I have this problem too.
0 votes
Correct Answer by htluo about 6 years 6 months ago

1) Do I have to configure the CUCM with DNS and domain name to have  the FQDN in the CSR ?

Yes, you do.

2) Which of theese (CallManager or Tomcat  certificate) do I have to upload for Webdialer and for AXL requests ?

Tomcat.

Michael

http://htluo.blogspot.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
htluo Mon, 05/10/2010 - 11:06

1) Do I have to configure the CUCM with DNS and domain name to have  the FQDN in the CSR ?

Yes, you do.

2) Which of theese (CallManager or Tomcat  certificate) do I have to upload for Webdialer and for AXL requests ?

Tomcat.

Michael

http://htluo.blogspot.com

guy.richard Mon, 05/10/2010 - 11:34

Hi Michael and Thanks so much.

In fact I've developped a very simple script which "webdials" using Windows session user, then retrieving user related phone configuration with axl request and then then webdialing with proxy rights. So the user do not have to authenticate and do not have to accept cookies. But he has to accept the CUCM certificate for the script to work. It is not allowed in the customer's security rules if the certificate is self-signed.

One more question, when installing CUCM with DNS, does it have to see DNS server during install ?

I tried to configure this on a VMWare after install, I am no more able to reach cmplatform url (err 404) all other url's work well. Do you have any idea ?

Kind Regards

Guy

htluo Mon, 05/10/2010 - 11:38

You don't need DNS on CUCM.  Setting the domain name on CUCM *just* to get it into CSR.

As long as the client computer can resolve the name in certificate via DNS, you're fine.

Michael

guy.richard Mon, 05/10/2010 - 13:47

Hi Michael

When I try to configure a domain name (set network domain domain.name) the error message is

"Changing the networking domain name has no effect on the system because DNS is disabled"

htluo Mon, 05/10/2010 - 13:49

Ya, that sounds pretty stupid.  Then you'll have to configure DNS.

My point was: the domain name doesn't have to be DNS resolvable.

guy.richard Mon, 05/10/2010 - 14:04

I hope I'll have no trouble with CUCM resolution, when DNS is configured in CUCM, does it use DNS for all resolutions in the cluster or does it still use host table ?

htluo Mon, 05/10/2010 - 14:14

It'll do both.  You may use the command "utils network host cucm.mydomain.com" to test.  You'll see that CUCM was trying to resolve it with host table and DNS (if configured).

Michael

Actions

This Discussion