Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Setting certificate validation for IP Communicator user preferences

I amnot very familiar with certificates. We have been using a one-time certificate so that anytime the user clicks the "User Preferences" link, they have to accept the cert. each time. We want a permanent certificate. My network guy generated a certificate in Unified OS Administration and uploaded it to our certificate server. How to we get this webpage to point to the new certificate? (link example https://xxx.xxx.xxx.xxx/ccmuser/showHome.do) Is this in CM or does is it just IE specific? Registry? I have searched the Cisco help docs and they all say how to generate and upload the new cert but don't say how to make the primary/effective cert.

1 REPLY
Super Bronze

Setting certificate validation for IP Communicator user preferen

Hi

Getting a cert uploaded is a three-step process.

1) Go to OS admin, and generate a CSR (Certificate Signing Request) for the tomcat service.

2) Take the CSR to your cert server/provider, and get a cert issued. If it's a cert provider that isn't well known, or is an internal server to your organisation, then you will probably need the root cert and any intermediate certificates.

3) Upload the root cert to the OS Admin page where you got the CSR from. Also upload intermediate and root certs.

Restart the server (or just the tomcat server 'utill service restart cisco tomcat' from the server CLI) for it to take effect.

It's all detailed in the OS Administration guide for your version of CUCM.

There's a few other things you should know about SSL in general:

  • SSL is meant for encrypting traffic, which it does if you connect to a https: URL.
  • The other part is that it authenticates the server - i.e. assures it is the server it says it is. As such, you will ALWAYS get a cert error if you connect to the server using https://ipaddress, or an alias for the server such as https://phonesystem.

So make sure you are using the server's hostname when connecting after loading the cert and restarting.

Aaron

Regards

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
190
Views
0
Helpful
1
Replies
CreatePlease to create content