[cisco-voip] Is there a document from Cisco that shows the exact steps to configure a certificate for the ccmadmin/ccmuser pages?

Wed Jun 8 10:16:10 EDT 2011

Hi Tim,

It's un-reasonable to assume you can make changes to the Subscriber.  :-(

If you lose your PUB, you are effectively locked out from making changes. (I
think they're are 1 or 2 things that the SUB can change, but they're minor)

It's also un-reasonable to assume you can promote a SUB to a PUB.  I had
many long conversations with Cisco Sales Engineer's with this when I first
inherited our system.

That being said, I applaud putting the right CA cert on the box.  I do the
same thing for all of my management devices.  I never "train" my end-users
to say OK to a bogus certificate.

On Wed, Jun 8, 2011 at 10:05 AM, Tim Reimers <treimers at ashevillenc.gov>wrote:

> Thanks guys!
>
>
>
> I would not anticipate allowing anyone into CCMAdmin or CCMUser during the
> few minutes it’ll take to do this-
>
>
>
> I would assume that the tomcat server on the Subscriber would remain up and
> usable as a “backdoor” In the event that the cert registration fails or
> something like that?
>
>
>
> And, once I’ve done the Publisher, the same needs to be done on the
> Subscriber, I’d imagine, since it’s a different hostname for the
> certificate.
>
>
>
> Is it reasonable to make small phone changes on the Subscriber? I wouldn’t
> want to do a BAT or anything like that, but in  the event this doesn’t work
> out well on the Pub for some reason, I’d think we could simply use the Sub
> to make simple changes to phones, etc.
>
>
>
> We are an environment of only about 600 phone users – so we have about
> three people who admin, and I’d expect only about 10-15 people a day who
> access the CCMUser pages -
>
>
>
>
>
> *From:* Lelio Fulgenzi [mailto:lelio at uoguelph.ca]
> *Sent:* Wednesday, June 08, 2011 9:58 AM
> *To:* Stieg Heimo
> *Cc:* Tim Reimers; cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Is there a document from Cisco that shows the
> exact steps to configure a certificate for the ccmadmin/ccmuser pages?
>
>
>
> I would suspect all CCMadmin/CCMuser functions are also affected.
>
> Sent from my iPhone
>
>
> On Jun 8, 2011, at 9:56 AM, Stieg Heimo <Heimo.Stieg at imtech.at> wrote:
>
> Hello,
>
>
>
> the phones shouldn’t re-register. Also calling should work normally during
> this time.
>
>
>
> But there are some things which won’t work during the restart process:
>
> *) WebDialer ( Click2Call )
>
> *) Taking screenshots from the phone
>
> *) Extension Mobility ( login/logout )
>
> *) Pushing messages to the phone
>
> *) Any other application which contacts the phone directly and needs an
> authenticated user
>
>
>
>
>
>
>
> *Von:* cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] *Im Auftrag von *Tim Reimers
> *Gesendet:* Mittwoch, 8. Juni 2011 15:11
> *An:* cisco-voip at puck.nether.net
> *Betreff:* Re: [cisco-voip] Is there a document from Cisco that shows the
> exact steps to configure a certificate for the ccmadmin/ccmuser pages?
>
>
>
> Hi all –
>
>
>
> Does anyone know if restarting the tomcat service will affect anything in
> normal operations of the phones?
>
>
>
> I can go ahead and follow these directions, but wanted to ensure I didn’t
> make all the phones re-register or anything like that…
>
>
>
>
>
> Thanks for the responses!
>
>
>
>
> http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b43504.shtml
>
>
>
> https://supportforums.cisco.com/docs/DOC-6119
>
>
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110608/e2416ea8/attachment.html>