Uploading CA Public Certificates to Cisco Unity Connection 8.5 & later

Jan 17, 2012 8:38 PM

Introduction

When you created unified messaging services, if you selected the option to validate certificates for Exchange servers or for Active Directory domain controllers (DCs), you must upload the public certificates from the certification authority (CA) that signed the certificates on the Exchange servers and DCs. Otherwise, Connection cannot communicate with Exchange servers or with DCs to find Exchange servers, and unified messaging functionality will not work.

Requirement

Unity Connection 8.5

Exchange server

Configuration Steps

SSL certificates are not already installed


1. If you selected the option to validate certificates for Exchange servers, and SSL certificates are not already installed on all of the following servers, get and install certificates:


Exchange 2010 client access servers.

Exchange 2007 client access servers, if there are Exchange 2007 mailboxes that you want Connection to be able to access.

Exchange 2003 servers, if any, on which there are mailboxes that you want Connection to be able to access.

In addition, if you selected the option to validate certificates for Active Directory domain controllers, and if SSL certificates are not already installed on your DCs, get and install certificates.

2. If you used an external CA (for example, Verisign) to issue the SSL certificates installed on the servers listed in Task 1, and if you have the public certificates for the CA in .pem format: Save the files to a network location accessible to the Connection server. Then skip to step 6.


3. If you used Microsoft Certificate Services or Active Directory Certificate Services to issue the SSL certificates, or if you used an external CA and you do not have the public certificate for the CA in .pem format: Download and install OpenSSL or another application that can convert public certificates to .pem format. Connection cannot upload public certificates in other formats.


4. If you used Microsoft Certificate Services, Active Directory Certificate Services, or an external CA, and if you do not have public certificates in .pem format: Use the application that you downloaded in step 3 to convert the public certificate to .pem format, and save the file to a network location accessible to the Connection server.

Upload the public certificates to the Connection server


5. Upload the public certificates to the Connection server by following the steps below:

Step 1 On the Connection server, sign in to Cisco Unified Operating System Administration.


Step 2 On the Security menu, select Certificate Management.

Step 3 Select Upload Certificate.


Step 4 In the Certificate Name list, select tomcat-trust.

Step 5 Optional: Enter a description (for example, the name of the certification authority) in the Description field.


Step 6 Select Browse.


Step 7 Browse to the location where you saved the public certificates in .pem format, and select one of the converted certificates.

Step 8 Select Upload File.


Step 9 Repeat step 3 through step 8, but select Connection-trust in the Certificate Name list.

Step 10 If you have public certificates from more than one certification authority, repeat step 3 through step 9 for the remaining certificates.

Save the Public Certificate to a File


6. If you used Microsoft Certificate Services to issue the SSL certificates, follow the steps below:

Step 1 Sign in to the server on which you installed Microsoft Certificate Services and issued SSL certificates for the following servers:


Exchange 2010 client access servers.

Exchange 2007 client access servers, if there are Exchange 2007 mailboxes that you want Connection to be able to access.

Exchange 2003 servers, if any, on which there are mailboxes that you want Connection to be able to access.

Active Directory domain controllers that the Connection server might access.

Step 2 On the Windows Start menu, select Programs > Administrative Tools > Certification Authority.

Step 3 In the left pane of the Certification Authority MMC, right-click the server name, and select Properties.

Step 4 In the <servername> Properties dialog box, on the General tab, select View Certificate.

Step 5 In the Certificate dialog box, select the Details tab.

Step 6 On the Details tab, select Copy to File.

Step 7 On the Welcome to the Certificate Export Wizard page, select Next.

Step 8 On the Export File Format page, select Next to accept the default value of DER Encoded Binary X.509 (.CER).

Step 9 On the File to Export page, specify the full path of the public certificate, including a location that is accessible to the Connection server, and a file name.

Step 10 Select Next.

Step 11 On the Completing the Certificate Export Wizard page, select Finish.

Step 12 Select OK three times to close a message box and two dialog boxes.

Step 13 Close the Certification Authority MMC.

Step 14 If you issued SSL certificates for all of the servers listed in step 1 by using the same installation of Microsoft Certificate Services, you are finished with this procedure. Return to the task list for this section.

If you issued SSL certificates for all of the servers listed in step 1 by using different installations of Microsoft Certificate Services, repeat step 1 through step 13 to get one public certificate for each instance of Microsoft Certificate Services. Then return to the task list for this section.
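As an added example (not part of the original document), the shell code below shows the conversion that steps 3 and 4 call for: it takes the DER-encoded .CER file that the Certificate Export Wizard writes, converts it to .pem with OpenSSL, and checks that the result is a CA certificate before it is uploaded. The function names, file paths and the throwaway test CA are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: names, paths and the throwaway test CA are constructed.

# make_sample_cer OUT [TRUE|FALSE]: create a self-signed DER (.cer) file that
# stands in for the Certificate Export Wizard output. CA flag defaults to TRUE.
make_sample_cer() {
    cer=$1; is_ca=${2:-TRUE}; tmp=$(mktemp -d)
    cat > "$tmp/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Test CA
[ext]
basicConstraints = critical,CA:$is_ca
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$tmp/req.cnf" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
        openssl x509 -in "$tmp/cert.pem" -outform DER -out "$cer"
    rm -rf "$tmp"
}

# cer_to_pem SRC DST: convert SRC (DER or PEM) to PEM at DST.
# Returns 1 if SRC does not parse as a certificate, 2 if it is not a CA certificate.
cer_to_pem() {
    src=$1; dst=$2
    # PEM is text with an armor line; anything else is treated as DER.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$src" 2>/dev/null; then
        form=PEM
    else
        form=DER
    fi
    openssl x509 -inform "$form" -in "$src" -outform PEM -out "$dst" ||
        { rm -f "$dst"; return 1; }
    # The procedure calls for the CA's own certificate, so require CA:TRUE.
    if ! openssl x509 -in "$dst" -noout -text | grep -q 'CA:TRUE'; then
        echo "refusing $src: not a CA certificate" >&2
        rm -f "$dst"
        return 2
    fi
    # Subject, expiry and SHA-256 fingerprint, to compare against the CA's own record.
    openssl x509 -in "$dst" -noout -subject -enddate -fingerprint -sha256
}

# Demo on the constructed test CA.
demo=$(mktemp -d)
make_sample_cer "$demo/ca.cer"
cer_to_pem "$demo/ca.cer" "$demo/ca.pem"
rm -rf "$demo"
```

Run `cer_to_pem` on the exported .CER file, then upload the resulting .pem file as described in step 5.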


Related links

Troubleshooting Cisco Unity Connection certificate errors

Troubleshooting Cisco Unity Connection issues
