[cisco-voip] self-signed certificate on CUCM v7

Lelio Fulgenzi lelio at uoguelph.ca
Mon Mar 21 16:38:57 EDT 2011 

Wow, that's great information. I've added the domain name as part of the install process, so multiple restarts are ok. The reason it's not there in the beginning is because I had to install first offline with no DNS access. 

Regenerating seems the way to go, however, there are a few that do not have a regenerate key. I've got a TAC case opened to see how that will go. 

Lelio 


--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Jason Burns" <burns.jason at gmail.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: cisco-voip at puck.nether.net 
Sent: Monday, March 21, 2011 3:57:31 PM 
Subject: Re: [cisco-voip] self-signed certificate on CUCM v7 

If you configure a domain with "set network domain" you can regenerate your certificates and they'll have the FQDN. 


If you don't want to change the domain (because a reboot is required, and it MUST be added on all servers in the cluster (forcing multiple reboots), you can use 


set web security 


to add a Subject Alternate Name and regenerate your certificates. 


https://supportforums.cisco.com/docs/DOC-6119 


-Burns 


On Mon, Mar 21, 2011 at 10:15 AM, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 




Looks like I solved this by simply regenerating the self-signed certificate. I didn't see a prompt for details so I wasn't sure it would use the FQDN, but it did. 



--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 



From: "Lelio Fulgenzi" < lelio at uoguelph.ca > 
To: cisco-voip at puck.nether.net 
Sent: Monday, March 21, 2011 9:53:52 AM 
Subject: [cisco-voip] self-signed certificate on CUCM v7 





My CUCM v7 system has a self-signed certificate which only has the hostname, not a FQDN. While FF installs this certificate fine and doesn't prompt you with warnings, IE does not. 

Is it possible to re-create the self-signed certificate so that it has the FQDN? 


--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 



_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 

_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110321/33021389/attachment.html>

More information about the cisco-voip mailing list