08-31-2009 08:24 AM - edited 03-18-2019 10:33 AM
Hello,
I have a CUCM 6.1.3 cluster. I would like to generate a custom certificate for tomcat service in order to control warnings in the CCMUser webpage.
I followed the Security guide:
1. Generated a CSR.
2. Downloaded it.
3. Generated a certificate thanks to a CA.
4. Uploaded the tomcat-trust CA certificate.
5. Uploaded the issued CUCM certificate.
6. Restarted the Tomcat service.
Everything is working:
- The new SSL certificate is the new one I uploaded, trusted by my own CA (checked in the cert properties).
This new certificate contains a CN equals to "hostname.domain name given during the installation" (ie. cucmlab.voip.local).
Now, I would like to give to users a user-friendly URL like "myphone.corpo-domain.com" resolved by the DNS to my CUCM first node.
But I don't know how. The generated CSR contains automatically a default CN built with the hostname of the node and the domain name given during installation. I cannot specify a custom CN like "myphone.corpo-domain.com".
Is there a solution to force the CN or the CSR in order to generate a certificate in relation with the user-friendly URL?
Thank you for your help.
Yorick
08-31-2009 10:53 AM
Hi,
It sounds like you will need to issue a certificate that contains Subjet Alternate Names; or a SAN certificate to accomplish this. It allows you to have multiple names in one web certificate. Just do a search for creating SAN certificates in google and you will get tons of info.
08-31-2009 10:55 PM
Hi,
I think you are right, SAN certificate is the solution of our needs.
I did some searches on the NetPro forum and apparently there is a command to add an Alternate Name to the CSR: "set web-security alternate-host-name hostname".
Unfortunately, this command seems to be present only from the 7.0 versions and I run a 6.1.3 version...
If someone knows a workaround, customer will keep the certificate error messages until he will upgrade to 7.1. :(
Bad news.
Yorick
10-22-2009 07:02 AM
will this work for 4.1.3 also?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: