Cisco Support Community

New Member

CUCM CA generated Certificate - how to get access to private key

My management is wanting me to get rid of the certificate error messages when users access the CCMUser website. We are running CUCM 7.0(2).

I think I understand the instructions for generating the CSR and uploading the CA generated certificate as well as the CA's own certificate.

My question is: what if I have to rebuild the system (with the same name) due to a system dying? If I understand correctly, I would need access to the private key in order to re-import the CA generated certificate. Where would I get a hold of that private key for secure storage in that situation?

Thanks.

Brian

2 REPLIES
Silver

Re: CUCM CA generated Certificate - how to get access to private

Certificates are not replicated because they are something that is specific to the server. Even though you normally won't run into any security issues by re-using a certificate, best practice recommendations for PKI require each server to have its own certificate, and strongly recommend a new certificate for a server rebuild.

If the CSR and private key were generated by ACS, then it will be in a file already.

If the certificate was entirely generated on the CA server, then the private key is in Windows storage along with the certificate.

You can double-click on the enclosed file to get into certificate storage on your machine, and export the certificate as a PFX file, which includes the private key. Make sure to mark it exportable, and do NOT turn on strong key protection. It is advisable to protect it with a lengthy password.

Red

Re: CUCM CA generated Certificate - how to get access to private

CUCM DRS will back up the certificates.

If you're asking about the physical location, it's at /usr/local/platform/.security/tomcat/keys

Michael

http://htluo.blogspot.com
