Cisco Support Community
New Member

Generating a Certificate for Tomcat

Hello all,

If I generate a certificate for Tomcat will this be non-impacting during production hours?  Thanks in advance.

Thanks,

Matt

4 REPLIES
Super Bronze


Hi

It's best to specify a product when asking a question...

But assuming you are talking CUCM, yes you can generate/replace the tomcat cert without affecting call processing. It may affect use of services such as EM/Admin as you will need to restart tomcat.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member


Thanks. We are using CUCM 8.5 and I think I need to regenerate a certificate for Tomcat since it only has the hostname and not the FQDN of the publisher. So basically it would affect Extension Mobility and the Admin page? I need to get a commercially signed SSL certificate installed on both the subscriber and publisher. The subscriber seems to have the correct FQDN. We started using Click to Call and the certificate keeps asking to be imported on the Windows clients every time we use the application.

Super Bronze


Hi

Well - the process for getting a commercial cert is:

- Generate a CSR from OS Admin for tomcat

- Get the cert issued

- Upload the cert

The cert request will have the name of the server in it. You should verify using 'show network eth0' at the CLI that it's in the correct domain, or the CSR may not include the domain name of the server. You don't get to set a name when you actually generate the CSR.

I usually use 'set web-security' post-installation to set a common 'alias' or alternate hostname to a group of the CUCMs. e.g. set web-security etc etc etc etc cucm.yourorg.com

This gives you a name you can add to DNS as two or more round-robin A entries pointing cucm.yourorg.com to each of the CUCMs. You can then point your web browser, users, EM service URL, and whatever you like at that new name to provide some basic resilience.

When you upload the new cert, you restart tomcat - it takes a minute or so, and that's all your outage (if it works).

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
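
A way to confirm which names the CSR actually carries before it goes to the CA, as an added example that is not part of the original replies. It assumes the `openssl` CLI on an admin workstation and a PEM CSR file saved from OS Admin; the hostnames and the helper names (`csr_names`, `csr_covers`, `csr_verdict`, `make_sample_csr`) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list the names a PEM CSR carries and compare with the expected FQDN.
# Assumes the openssl CLI; all hostnames below are constructed placeholders.

# Print the subject CN and every DNS subjectAltName in the CSR, one per line.
csr_names() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Succeed only if the expected name is present (whole-name, case-insensitive match).
csr_covers() {
    csr_names "$1" | grep -qixF -- "$2"
}

# Classify: "ok", "hostname-only" (no name contains a dot), or "mismatch".
csr_verdict() {
    if csr_covers "$1" "$2"; then
        echo ok
    elif ! csr_names "$1" | grep -q '\.'; then
        echo hostname-only
    else
        echo mismatch
    fi
}

# Build a throwaway CSR for the demo: $1 = output file, $2 = CN, $3 = SAN list.
make_sample_csr() {
    cnf=$(mktemp)
    printf '[req]\nprompt=no\ndistinguished_name=dn\nreq_extensions=ext\n[dn]\nCN=%s\n[ext]\nsubjectAltName=%s\n' \
        "$2" "$3" > "$cnf"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$cnf.key" \
        -config "$cnf" -out "$1" 2>/dev/null
    rm -f "$cnf" "$cnf.key"
}

# Demo on two constructed CSRs: hostname-only versus FQDN plus a shared alias.
tmp=$(mktemp -d)
make_sample_csr "$tmp/short.csr" cucm-pub DNS:cucm-pub
make_sample_csr "$tmp/fqdn.csr" cucm-pub.example.com \
    DNS:cucm-pub.example.com,DNS:cucm.example.com
for f in short fqdn; do
    echo "$f.csr: $(csr_verdict "$tmp/$f.csr" cucm-pub.example.com)"
done
```

A `hostname-only` verdict means no name in the request contains a domain, so clients reaching the server by FQDN will not find a matching name in the issued certificate.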
New Member


I see the right hostname and domain according to the show network eth0 and show myself. Does it matter if the domain name is not in the downloaded certificate for the CA?
