Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1712
Views
0
Helpful
3
Replies

CUCM tomcat certificate

Yorick Petey
Level 4
Level 4

‎08-31-2009 08:24 AM - edited ‎03-18-2019 10:33 AM

Hello,

I have a CUCM 6.1.3 cluster. I would like to generate a custom certificate for tomcat service in order to control warnings in the CCMUser webpage.

I followed the Security guide:

1. Generated a CSR.

2. Downloaded it.

3. Generated a certificate thanks to a CA.

4. Uploaded the tomcat-trust CA certificate.

5. Uploaded the issued CUCM certificate.

6. Restarted the Tomcat service.

Everything is working:

- The new SSL certificate is the new one I uploaded, trusted by my own CA (checked in the cert properties).

This new certificate contains a CN equals to "hostname.domain name given during the installation" (ie. cucmlab.voip.local).

Now, I would like to give to users a user-friendly URL like "myphone.corpo-domain.com" resolved by the DNS to my CUCM first node.

But I don't know how. The generated CSR contains automatically a default CN built with the hostname of the node and the domain name given during installation. I cannot specify a custom CN like "myphone.corpo-domain.com".

Is there a solution to force the CN or the CSR in order to generate a certificate in relation with the user-friendly URL?

Thank you for your help.

Yorick

Labels:
0 Helpful
3 Replies 3

shawilson
Level 1
Level 1

‎08-31-2009 10:53 AM

Hi,

It sounds like you will need to issue a certificate that contains Subjet Alternate Names; or a SAN certificate to accomplish this. It allows you to have multiple names in one web certificate. Just do a search for creating SAN certificates in google and you will get tons of info.

0 Helpful

Yorick Petey
Level 4
Level 4
In response to shawilson

‎08-31-2009 10:55 PM

Hi,

I think you are right, SAN certificate is the solution of our needs.

I did some searches on the NetPro forum and apparently there is a command to add an Alternate Name to the CSR: "set web-security alternate-host-name hostname".

Unfortunately, this command seems to be present only from the 7.0 versions and I run a 6.1.3 version...

If someone knows a workaround, customer will keep the certificate error messages until he will upgrade to 7.1. :(

Bad news.

Yorick

0 Helpful

skravens0929
Level 1
Level 1

‎10-22-2009 07:02 AM

will this work for 4.1.3 also?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents