Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Callmanager Subscriber crashed lost certificate

on my subscribers crashed the other day.  after we were able get back up we found out that the certificates are messed up  also. is there a way a can get a new certificates without reinstalling the entire software?

ccm v. 4.1.3 subscriber.


Re: Callmanager Subscriber crashed lost certificate

I assume you are talking about the SSL certificate for IIS, is this correct?

New Member

Re: Callmanager Subscriber crashed lost certificate

Yes, david it is..

Re: Callmanager Subscriber crashed lost certificate

I'll have to double check documentation but off-hand I don't see any

reason why you can't regenerate new certs via IIS and then install

just like you would if you were enabling SSL on any Windows box. I'm

not on the forum right now so refresh me, this CCM 4.1 right on Win2K.

Sent from my iPhone

On Mar 22, 2010, at 9:07 AM, lkinchen

New Member

Re: Callmanager Subscriber crashed lost certificate

Yes, that is correct..

Re: Callmanager Subscriber crashed lost certificate

So, you can see if you can recover the default certificate or just install a new certificate.  The simplest way to do this is to configure a standalone root CA in Windows.  The information you need to know about the cert is when you install/upgrade Cisco CallManager, the SSL self-signed certificate, httpscert.cer, automatically installs on  the IIS default website that hosts the Cisco CallManager virtual  directories, which include CCMAdmin, CCMService, CCMUser, AST, BAT,  RTMTReports, CCMTraceAnalysis, PktCap, ART, and  CCMServiceTraceCollectionTool. The SSL certificate gets stored in the  C:\Program Files\Cisco\Certificates directory. If you prefer to do so, you can install a server authentication certificate from a certificate  authority and use it instead of the SSL self-signed certificate. To  use the certificate authority certificate after the Cisco CallManager  installation/upgrade, you must delete the self-signed certificate, as  described in the Cisco CallManager Security Guide.  Then, you install the server authentication certificate that is  provided by the certificate authority, as described in the certificate  authority documentation.

Windows, well TechNet, has more than ample info on setup of a standalone root CA unless you decide to go with a 3rd-party like Verisign.  You may be able to recover the original certificate from the Subscriber.  I'd see if the file is still there and then check the IIS settings to see if it needs to just be reassociated with the Default Web Site.


Please rate helpful posts!