[cisco-voip] CUCM and LDAPS and Certs

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Oct 8 15:11:40 EDT 2014


All,

I am trying to help someone else out with their MS CA which they used to
sign/encrypt their LDAP, but I'm not familiar with MS CA administration.

*The History*
I have done LDAPS in the past, and when I ask the AD team for the cert, they
happily send me the cert, I upload it, restart, etc. and all works fine.  I
was able to lean on the AD team to give me the correct cert and I didn't
have to think twice about it.

*The New Setup*
The environment is a CUCM 10.5 single Pub.  The LDAP Directory and
Authentication are pointing at IP Addresses and using port 389 and SSL is
unchecked.

*The Core Objective*
I would like to move to port 636 and SSL. (or 3269 for GC)

*The Work Completed So Far*
I asked the MS admin to send me the cert in DER binary X.509 format, and I
uploaded it to the Pub as tomcat-trust based on some documentation I
found.  I restarted the DirSync and Tomcat services (GUI and CLI
respectively).

*The Current Challenge*
First and foremost, when trying to view the cert in cert management, there
is nothing in the Common Name column, and therefore no hyperlink to click
on, and therefore no details to view about the cert.  My guess is that
something is misconfigured in the cert settings on MS CA, or the export was
of the wrong cert, etc.  I don't know how to steer the MS admin to the
correct outcome in order for this to work in the CUCM.

*The Plea for Help*
How can I point the MS admin to the right area such that we can get this
working?

Thanks for your help.