Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Certificate for CallManager user page web access

Dear all,

My customer is using CallManager version 7.1. Whenever user access the CallManager user web page by Internet Explorer 7, user get a page talking about the website's security certificate. They need to click on "Continue to this website".

May I ask can this problem be solved by installing a suitable certificate?

Also,user will access this server from internal(by key in private IP address) and Internet(by key in real public IP address). May I ask after I install a suitable certificate, will customer not receive such security message no matter access from internal (by key in private IP addres) and Internet (by key in real public IP address)?

thanks a lot

David

2 REPLIES
VIP Super Bronze

Re: Certificate for CallManager user page web access

You can install a certificate that is signed by a CA that the clients trust. If the customer has an internal CA, they can use that. Otherwise they can buy a certificate from a CA such as Verisign.

You need to import the CA root certificate into the "tomcat-trust" store. You can generate a CSR for tomcat and import that as the "tomcat" certificate after it is signed. I would recommend downloading the self-signed certificate before deleting it AFTER you have uploaded your new certificates. This must be done for every server in the cluster.

Cisco Unified Communications Operating System Administration Guide, Release 7.1(2)

http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/osg_712_cm.html

As a side note: I don't recommend making UCM available directly from the internet. Typical deployments require VPN access so a firewall can protect it more effectively.

Please remember to rate helpful responses and identify helpful or
Red

Re: Certificate for CallManager user page web access

The security warning was because the client PC does not trust the CUCM certificate.

There's are two scenarios when the certificate is not trusted:

Scenario 1: The issuer of the cert is not in PC's trust store.

Solution: This can be fixed by viewing the cert and import it into the trust store.

Scenario 2: The hostname you're using to request the HTTPS does not match the name in the certificate. e.g. you type https://192.168.1.100. But the name in certificate is cucm.acme.local

Solution: If you're running CUCM 7, you may use "set web-security" command to add alternate name to the cert.

Michael

http://htluo.blogspot.com

1134
Views
0
Helpful
2
Replies