Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Setting Up Certificate Validation for Jabber clients

Unanswered Question
Jul 24th, 2014
User Badges:


I would like to get certificates signed from private internal CA for Jabber clients. Cisco documentation says it requires HTTP/Tomcat for CUPS, HTTP/Tomcat for CUCM and UCXN[8.6].

The exiting Tomcat certificate has these two files: tomcat.pem, tomcat.der and a bunch of tomcat-trust certificates as well with associated files.

My question is is there any harm in generating a new tomcat certifcate or could I just generate CSR's for the two existing Tomcat files to be signed? When you generate a new Tomcat certificate does it create or overwrite the .pem and .der? I don't want to break anything in this process so looking for some feedback.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jonathan Schulenberg Sat, 07/26/2014 - 15:24
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Generating a CSR for the Tomcat certificate and installing the signed certificate will replace the .pem/.der file you see listed. Once you sign the CSR and upload the final certificate, you'll need to restart Cisco Tomcat from the CLI for it to pickup the new cert. Anything that is in a -trust store is something that server will accept during a TLS/SSL handshake, not something it uses itself.


This Discussion