
unity connection 8.6 change self signed SSL to windows CA SSL

rogierboeken
Level 1

hi

in order to placate my jabber 9.2.5 clients (which prompts users to trust the unity connection tomcat SSL certificate) i thought it would perhaps be easier to replace the self signed tomcat SSL certificate with one issued by my windows enterprise CA and i found this guide

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsag215.pdf

so the steps i have taken are

1) Generated a CSR for tomcat

2) went to my windows enterprise CA server (2008r2 and not 2003 btw) and tried to submit new request but this failed with error

Certificate Request Processor


The request contains no certificate template information. 0x80094801 (-2146875391)

Denied by Policy Module 0x80094801, the request does not contain a certificate template extension or the Certificate Template request attribute.

so i found out you can run a cmd line

certreq -submit -attrib "CertificateTemplate:WebServer" <Cert Request.req>

i did this and it saved the new SSL certificate. i then uploaded the issuer certificate exported from the windows enterprise CA and uploaded it as tomcat-trust

but now i run into the following issue

the document says

Upload the server certificate:

  1. On the Certificate List page, select Upload Certificate.

  2. On the Upload Certificate page, in the Certificate Name list, select tomcat.

  3. In the Root Certificate field, enter the filename of the issuer certificate that you uploaded in Step 3.

  4. Select Browse, and browse to the location of the server certificate.

but there is no root certificate field, all i can see is

certificate name : tomcat

Description: self-signed certificate (this is greyed out so i cannot enter anything there)

Upload File (choose File)

I can of course upload the windows enterprise CA signed certificate for the unity connection server but i am not sure if this is correct given i cannot enter the root Certificate Field

once i have done this on the unity connection server i need to repeat the same process for the CUCM and CUPS servers. i thought i try unity connection first as nobody ever connects via IMAP or HTTPS (except me) so it is a good test bed.

has anyone replaced the self signed tomcat SSL certificates with a windows enterprise CA signed (2008 r2) SSL certificate and did you encounter the same issue and if so how did you resolve or if you have a recommendation that would be great too

many thanks

1 Accepted Solution


George Thomas
Level 10

Hi,

You will have to upload the Root CA to Unity Connection under the tomcat-trust section and once that is complete, upload the signed certificate to tomcat.

The process is same for CUCM/CUPS. Upload root ca to tomcat-trust and then upload the signed cert to tomcat.

Please rate useful posts.
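
A pre-upload check for the two-step procedure in the answer above, as an added example that is not part of the original thread or of Cisco's guide. It assumes the OpenSSL command line is available (the thread itself only uses certreq) and that the certificates were saved in Base-64 (PEM) form; it confirms that the issued certificate is not self-signed, chains to the CA certificate destined for tomcat-trust, and carries the key from the CSR. All file names and the demo CA are constructed.

```shell
#!/bin/sh
# Added example: checks to run on the CA-issued certificate before uploading it.
# All file names are placeholders; the demo PKI is constructed test data.

# usage: check_signed_cert CA_PEM CERT_PEM CSR_PEM
# Returns 0 only if CERT is CA-issued, chains to CA, and matches the CSR key.
check_signed_cert() {
    ca=$1; cert=$2; csr=$3
    subject=$(openssl x509 -in "$cert" -noout -subject) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer) || return 2
    # A self-signed certificate names itself as its issuer.
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "FAIL: $cert is self-signed"; return 1
    fi
    # The CA file here is the same one that goes into tomcat-trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"; return 1
    fi
    # The certificate must carry the public key from the CSR the server generated.
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    csr_key=$(openssl req -in "$csr" -noout -pubkey) || return 2
    if [ "$cert_key" != "$csr_key" ]; then
        echo "FAIL: $cert was not issued for $csr"; return 1
    fi
    echo "OK: upload $ca to tomcat-trust, then $cert to tomcat"
}

# usage: make_demo_pki DIR  (constructed CA, CSR and issued certificate)
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cuc.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo" &&
    check_signed_cert "$demo/ca.pem" "$demo/srv.pem" "$demo/srv.csr"
```

With real files, call `check_signed_cert` with the exported CA certificate, the certificate returned by certreq, and the CSR generated on the server.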

