cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3316
Views
0
Helpful
23
Replies

CUCM 10.5 and CSR (security cert)

vipersl65
Level 4
Level 4

When I click on Callamanger and select Generate CRS, there is a field in the popup called Domain name which shows the companyname.com.

In 10.5, I was told that this is required.  Anyone cares to explain in more details?

 

Also, I noticed that there is callmanager and there is also tomcat from Certificate Management.  I select callmanager and use that to generate CSR and I submit it to a 3rd party CA. If I repeat the same process but this time selecting tomcat, the 3rd party CA will complain of a duplicate.  Ideas?  or callmanager alone is good?

 

My goal is to encrypt calls

4 Accepted Solutions

Accepted Solutions

George Thomas
Level 10
Level 10

Tomcat is for Webservice communication. That includes AXL calls and admin webpages.

CallManager is for phone registration, however there is a bug in CallManager Multiserver certificate which causes phones to reset randomly. Is there a reason why you need to have the CallManager server signed by a 3rd party CA? You could use an internal CA or USB tokens to sign it.

Please rate useful posts.

View solution in original post

Correct, you will have to upload the root and intermediate certificate that you receive from Verisign to callmanager-trust first else it will give you an error.

Also, there is a bug in 10.5 that causes phones to reboot if you sign the Callmanager cert. CSCup28852

Please rate useful posts.

View solution in original post

1) The process that I mentioned above is for extracting the root/intermediate certs that you need.

2) What format is the certificate in? ie. what extension does the file have?

Please rate useful posts.

View solution in original post

Can you send me the cert somehow? Fileshare or PM me via the community?

Please rate useful posts.

View solution in original post

23 Replies 23

George Thomas
Level 10
Level 10

Tomcat is for Webservice communication. That includes AXL calls and admin webpages.

CallManager is for phone registration, however there is a bug in CallManager Multiserver certificate which causes phones to reset randomly. Is there a reason why you need to have the CallManager server signed by a 3rd party CA? You could use an internal CA or USB tokens to sign it.

Please rate useful posts.

Its a requirement by the company.

So, if I download the CSR for callmanager and submit it to verisign, I will need to upload it and when  i upload it, do I select callmanager again or callmanager-trust.

 

Can I use that same cert to upload it for tomcat-trust or do I use tomcat?

 

Thanks 

 

 

If you select a CSR for tomcat or CallManager, then the signed certificate will be uploaded to the same location. The signed certificate will have a root and potentially intermediate certs. These certs will be uploaded to the appropriate xxx-trust locations. 

Please rate useful posts.

So, just to confirm, when I downloaded the CSR, I choose callmanager, send it to Verisign, then upload the file I received also by selecting callmanager and thats it?  thanks

 

by the way, when I dowloaded the CSR, its a multi-server csr

Correct, you will have to upload the root and intermediate certificate that you receive from Verisign to callmanager-trust first else it will give you an error.

Also, there is a bug in 10.5 that causes phones to reboot if you sign the Callmanager cert. CSCup28852

Please rate useful posts.

Thanks George. I will take a look at this bug.

 

I only received one file from Verisign though, so what do I do with the intermediate file you mentioned?  thanks

When I uploaded the cert I got from verisign, I selected "calmanager" and when I click ok, it gave me an error about something not found in store.  When i change the selection to "callmanager-trust", the cert uploaded ok.

 

Did I do something wrong?

Thats what I mentioned earlier, you will have to upload the root and intermediate certificate first to callmanager-trust before you upload the signed certificate.

To get root/intermediate cert. open the certificate, navigate to the certification path and you will see a hierarchy similar to the attachment. Click on the top most certificate  and click View certificate. In the new pop-up, navigate to details and click on COpy to file. Click next on the wizard that opens, on the 2nd page select the base-64 encoded option and go through the wizard. In the 3rd window, you will be able to select an option to save the certificate and this will be your root certificate. Repeat this process for the intermediate certificate, ie the 2nd cert in the hierarchy. Once you have both the files, upload the root certificate to the callmanager-trust first and then upload the intermediate certificate. Once thats done, upload the signed certificate to the callmanager location. 

At this point, your phones should start rebooting due to the bug i mentioned above. LOL.

 

Please rate useful posts.

lol....so this is where my head spin.

1) what exactly do you mean by "upload the root and intermediate cert to call-manager-trust" before I upload my signed cert.  I only have one file that came from verisign.  The only other file I have is the call-manager csr I downloaded

 

2) you said navigate to the certification path..where?  in the PC I am using to browse to the CUCM?

 

I want my phones to start randomly rebooting... so please help me :)

1) The process that I mentioned above is for extracting the root/intermediate certs that you need.

2) What format is the certificate in? ie. what extension does the file have?

Please rate useful posts.

The signed cert from verisign is .CER

The callmanager file I downloaded that I sent to Verisign is CSR

This is what I got...how do I fix this?

This is callmanager self signed certificate, I was referring to the cert that Verisign sent you.

Please rate useful posts.

The file Verisgn sent me is a .CER file

I uploaded it earlier to the CUCM and selected callmanager-trust then rebooted the server then enabled mixed mode

 

What am I missing?  tnx

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: