[cisco-voip] Updating Certificates on CUCM?

Mon Oct 5 14:48:50 EDT 2009

Follow the guide here, but change out 'sip-proxy' with 'tomcat'.  You also have to restart the Cisco Tomcat service for the new cert to take affect.  You cannot do this through the GUI, you have to use the command line 'utils service restart Cisco Tomcat'.

http://docwiki.cisco.com/wiki/Cisco_Unified_Presence%2C_Release_7.x_--_How_to_Configure_the_Security_Certificate_for_Cisco_Unified_Presence_for_Remote_Call_Control#How_to_Configure_the_Security_Certificate_for_Cisco_Unified_Presence_for_Remote_Call_Control

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Madziarczyk, Jonathan
Sent: Monday, October 05, 2009 2:44 PM
To: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Updating Certificates on CUCM?

Oh, I'm just trying to set the general certs for mgmt and user management web pages into the publisher/subscribers.  Since IE8 and the latest FireFox, they no longer give user friendly popups when you try to go to a site that does not have a known certificate.

Rather than try to train our users how to read the web page and make their own determination, it's easier to just fix the cert to correlate to our own internal CA. (the PCs inside already have our CA in their list)

I've gotten the request files and made certs for tomcat/CAPF/callmanager/ipsec but I'm a little leery about just overwriting what's there on the server.  Do they have to be .der or .cer or .pem.  I don't see a place to upload the site cert either.

So I assumed Cisco had a document on the proper steps to install these, but I have been unsuccessful in finding it.

JM

________________________________
From: Jason Burns [mailto:burns.jason at gmail.com]
Sent: Monday, October 05, 2009 1:37 PM
To: Madziarczyk, Jonathan
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Updating Certificates on CUCM?

JM,

Which certificates exactly do you want to update?

The ones used to access the CCMAdmin GUI, or the ones used to secure SIP/TLS connections?
On Mon, Oct 5, 2009 at 1:59 PM, Madziarczyk, Jonathan <JMad at cityofevanston.org<mailto:JMad at cityofevanston.org>> wrote:

Does anyone have a good writeup for the procedure to update the certificate on call manager 6.1?

I think I've got most of it figured out, I just want to see some official documentation before I start wiping certs.

I guess I fail at google, because I can't seem to find any documentation that addresses my issue.

JM

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-----------------------------------------
Disclaimer: 

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only.  If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091005/83857672/attachment.html>