Cisco Support Community

New Member

CUCM tomcat certificate

Hello,

I have a CUCM 6.1.3 cluster. I would like to generate a custom certificate for tomcat service in order to control warnings in the CCMUser webpage.

I followed the Security guide:

1. Generated a CSR.

2. Downloaded it.

3. Generated a certificate thanks to a CA.

4. Uploaded the tomcat-trust CA certificate.

5. Uploaded the issued CUCM certificate.

6. Restarted the Tomcat service.

Everything is working:

- The new SSL certificate is the new one I uploaded, trusted by my own CA (checked in the cert properties).

This new certificate contains a CN equal to "hostname.domain name given during the installation" (i.e. cucmlab.voip.local).

Now, I would like to give users a user-friendly URL like "myphone.corpo-domain.com" resolved by the DNS to my CUCM first node.

But I don't know how. The generated CSR contains automatically a default CN built with the hostname of the node and the domain name given during installation. I cannot specify a custom CN like "myphone.corpo-domain.com".

Is there a solution to force the CN or the CSR in order to generate a certificate in relation with the user-friendly URL?

Thank you for your help.

Yorick

3 REPLIES
New Member

Re: CUCM tomcat certificate

Hi,

It sounds like you will need to issue a certificate that contains Subject Alternate Names, or a SAN certificate, to accomplish this. It allows you to have multiple names in one web certificate. Just do a search for creating SAN certificates on Google and you will get tons of info.
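Added example, not part of the reply above: a minimal Python sketch of the name check a TLS client performs, showing why a CN-only certificate for cucmlab.voip.local fails for the friendly URL while one carrying both names as SAN entries passes. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the helper names are hypothetical.

```python
# Added example: cert dicts below are constructed, in the shape returned by
# ssl.SSLSocket.getpeercert(); no network access is needed.

def _label_match(pattern, host):
    """Compare one certificate name with a hostname, case-insensitively.
    Only a whole leftmost label may be a wildcard (e.g. *.example.com)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """Return the DNS names a client checks: SAN dNSName entries if any exist,
    otherwise the subject CN (RFC 2818 fallback; many current clients skip it)."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def covers(cert, hostname):
    """True when at least one checked name in the certificate matches hostname."""
    return any(_label_match(n, hostname) for n in names_in_cert(cert))


# Certificate as described in the question: CN only, built from the node name.
CN_ONLY = {"subject": ((("commonName", "cucmlab.voip.local"),),)}

# Same subject, reissued with both names as SAN entries (constructed sample).
WITH_SAN = {
    "subject": ((("commonName", "cucmlab.voip.local"),),),
    "subjectAltName": (("DNS", "cucmlab.voip.local"),
                       ("DNS", "myphone.corpo-domain.com")),
}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        for host in ("cucmlab.voip.local", "myphone.corpo-domain.com"):
            verdict = "ok" if covers(cert, host) else "name mismatch"
            print(f"{label:9} {host:26} -> {verdict}")
```

Once any SAN DNS entry is present the CN is no longer consulted, so the node's own FQDN has to be listed in the SAN alongside the friendly name.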

New Member

Re: CUCM tomcat certificate

Hi,

I think you are right, a SAN certificate is the solution to our needs.

I did some searches on the NetPro forum and apparently there is a command to add an Alternate Name to the CSR: "set web-security alternate-host-name hostname".

Unfortunately, this command seems to be present only from the 7.0 versions and I run a 6.1.3 version...

If someone knows a workaround, customer will keep the certificate error messages until he upgrades to 7.1. :(

Bad news.

Yorick

New Member

Re: CUCM tomcat certificate

Will this work for 4.1.3 also?
