I have generated CSR from CUCM and have got it signed by CA.:
There are two kinds of certs in the cert chain - CA certs and end-entity certs. For example, the cert represent your box is "cucm01.acme.local". This is end-entity cert.
"cucm01.acme.local" was issued by a CA called "parent.someCA.com".
"parent.someCA.com" was issued by a CA called "grandparent.someCA.com".
And "grandparent.someCA.com" is the top (root) CA.
I'm trying to upload the signed CA by following steps:
1.Upload "grandparent.someCA.com" as "Tomcat Trust" cert.
2.Upload "parent.someCA.com" as "Tomcat Trust" cert.
3. Upload "cucm01.acme.local" as "Tomcat" cert. In the "Root Certificate" field, you should fill in the .pem file name of its parent.on the OS admin page > Security > Certificate Management.
The issue is on step 3, I couldn't find any "Root Certificate" field in both "Tomcat" cert and "Tomcat Trust" cert. Please see attached screenshot.
Is there any step I missed or wrong?
Did you upload the tomcat cert as well? You need to upload the root/intermediate certs to the tomcat-trust store and then upload the signed CA cert to the tomcat store and restart the tomcat service..
I do generated the CSR for pub and sub. The only thing I suspect is whether the signed CA is the correct one. How could I recognize the signed CA is really for the orignal CSR since I generated all pub and sub CSR.
This is error I got from publisher, but didn't try to upload it into any subscriber.
Ya it looks like the CSR somehow got deleted per the screenshot you sent. I would regenerate the CSR and sign the certs once more.
when I try to access CUCM with its hostname, it still shows "There is a problem with this website's security certificate."
I click errors to view the details. It shows."This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."
But I have opened the root CA and installed them into Trusted Root Certification Authorities.