[cisco-voip] Certificate question

Thu Jan 2 10:54:01 EST 2014

Would this cause any issues in a cluster?

For example, if you were to upload the certificate to the publisher, would
the subscriber have a problem with a different certificate being used now?

*Angel Roberto Castaneda*

On Thu, Jan 2, 2014 at 7:14 AM, Joe Martini <joemar2 at cisco.com> wrote:

> James,
>
> You do not have to get your certificate issued by Thwate, GoDaddy,
> Verisign, etc, you can use your internal Certificate Authority (CA) server
> instead.  In order to do this, you would need to create a Certificate
> Signing Request (CSR) for Tomcat on your CUCM server(s) and get a
> certificate generated based on the CSR.  Here’s a great guide with
> instructions for how to generate the CSR, get it internally signed, and
> re-uploaded to CUCM, https://supportforums.cisco.com/docs/DOC-6119.
>
> You could apply a new certificate to all your servers by using this same
> process for each server in your cluster, or you can install a new
> certificate on only the server users usually access to fix the certificate
> warning that is displayed.
>
> Note that if you do use an internal server to issue the certificate, the
> client computers and/or browsers need to have the root certificate (issuing
> server’s certificate) installed.  If you are using Active Directory and
> Internet Explorer the certificates should already be in place on each
> computer that has joined the domain.  For non-Windows computers or other
> browsers such as Firefox, the issuing servers certificate would have to be
> added to the certificate store the browser uses.  Lastly once everything is
> in place, the URL used to access the servers has to be a hostname.  Even if
> all the certificates are in place, using an IP address for the URL to
> access the servers will cause the certificate error to appear.
>
> Joe
>
>
> On Jan 2, 2014, at 6:59 AM, James Dust <james.dust at charles-stanley.co.uk>
> wrote:
>
>  Hi there,
>
>
> I have a certificate question I need help with as I haven’t either created
> or uploaded one to our CUCM cluster before (cucm 8.1.3)
>
>
> When navigating to either the administration page or end user page for the
> first time any user within our network is presented with an error message
> stating the website is now trusted. Now it’s no problem as it can be
> entered through but for my own knowledge I would like to resolve this.
>
>
> My first question is do we need to export a certificate and get it to
> Thwate or someone like that, or can I just self-sign the certificate as it
> is just an internal network resource to us.
>
>
> My second question is what do I need to export?
>
>
> Kind regards
>
>
> James
>
>
>
> *Consider the environment - Think before you print*
>
> The contents of this email are confidential to the intended recipient and
> may not be disclosed. Although it is believed that this email and any
> attachments are virus free, it is the responsibility of the recipient to
> confirm this.
>
> You are advised that urgent, time-sensitive communications should not be
> sent by email. We hereby give you notice that a delivery receipt does not
> constitute acknowledgement or receipt by the intended recipient(s).
>
> Details of Charles Stanley group companies and their regulators (where
> applicable), can be found at this URL
> http://www.charles-stanley.co.uk/contact-us/disclosure/
>
>  _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140102/8cf0ac52/attachment.html>