[cisco-voip] Updating Certificates on CUCM?

Jason Burns burns.jason at gmail.com
Mon Oct 5 15:18:35 EDT 2009


You're right that there aren't any great documents out there that I've
found. The Cisco security guide just recommends that you add the self signed
server certs to your client PCs list of trusted publishers. Not really the
most efficient solution.

Since I couldn't find a guide, I wrote one. I've been working on a
presentation for this anyway.

Take a look at the following and let me know if you still have any
questions:

https://supportforums.cisco.com/docs/DOC-6119


-Jason Burns



On Mon, Oct 5, 2009 at 2:44 PM, Madziarczyk, Jonathan <
JMad at cityofevanston.org> wrote:

>  Oh, I’m just trying to set the general certs for mgmt and user management
> web pages into the publisher/subscribers.  Since IE8 and the latest FireFox,
> they no longer give user friendly popups when you try to go to a site that
> does not have a known certificate.
>
>
>
> Rather than try to train our users how to read the web page and make their
> own determination, it’s easier to just fix the cert to correlate to our own
> internal CA. (the PCs inside already have our CA in their list)
>
>
>
> I’ve gotten the request files and made certs for
> tomcat/CAPF/callmanager/ipsec but I’m a little leery about just overwriting
> what’s there on the server.  Do they have to be .der or .cer or .pem.  I
> don’t see a place to upload the site cert either.
>
>
>
> So I assumed Cisco had a document on the proper steps to install these, but
> I have been unsuccessful in finding it.
>
>
>
> JM
>
>
>
>
>  ------------------------------
>
> *From:* Jason Burns [mailto:burns.jason at gmail.com]
> *Sent:* Monday, October 05, 2009 1:37 PM
> *To:* Madziarczyk, Jonathan
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Updating Certificates on CUCM?
>
>
>
> JM,
>
> Which certificates exactly do you want to update?
>
> The ones used to access the CCMAdmin GUI, or the ones used to secure
> SIP/TLS connections?
>
> On Mon, Oct 5, 2009 at 1:59 PM, Madziarczyk, Jonathan <
> JMad at cityofevanston.org> wrote:
>
> Does anyone have a good writeup for the procedure to update the certificate
> on call manager 6.1?
>
>
>
> I think I’ve got most of it figured out, I just want to see some official
> documentation before I start wiping certs.
>
>
>
> I guess I fail at google, because I can’t seem to find any documentation
> that addresses my issue.
>
>
>
> JM
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20091005/aed59b4c/attachment.html>


More information about the cisco-voip mailing list