[cisco-voip] CUCM and LDAPS and Certs

Brian Meade bmeade90 at vt.edu
Wed Oct 8 15:46:16 EDT 2014


http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx#Exporting_and_Importing_the_LDAPS_Certificate

I've always asked for the Base64 X.509 which plays well with CUCM.

On Wed, Oct 8, 2014 at 3:11 PM, Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> All,
>
> I am trying to help someone else out with their MS CA which they used to
> sign/encrypt their LDAP, but I'm not familiar with MS CA administration.
>
> *The History*
> I have done LDAPS in the past, and when I ask the AD team for the cert,
> they happily send me the cert, I upload it, restart, etc. and all works
> fine.  I was able to lean on the AD team to give me the correct cert and I
> didn't have to think twice about it.
>
> *The New Setup*
> The environment is a CUCM 10.5 single Pub.  The LDAP Directory and
> Authentication are pointing at IP Addresses and using port 389 and SSL is
> unchecked.
>
> *The Core Objective*
> I would like to move to port 636 and SSL. (or 3269 for GC)
>
> *The Work Completed So Far*
> I asked the MS admin to send me the cert in DER binary X.509 format, and I
> uploaded it to the Pub as tomcat-trust based on some documentation I
> found.  I restarted the DirSync and Tomcat services (GUI and CLI
> respectively).
>
> *The Current Challenge*
> First and foremost, when trying to view the cert in cert management, there
> is nothing in the Common Name column, and therefore no hyperlink to click
> on, and therefore no details to view about the cert.  My guess is that
> something is misconfigured in the cert settings on MS CA, or the export was
> of the wrong cert, etc.  I don't know how to steer the MS admin to the
> correct outcome in order for this to work in the CUCM.
>
> *The Plea for Help*
> How can I point the MS admin to the right area such that we can get this
> working?
>
> Thanks for your help.
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
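A pre-upload check for the situation in this thread, as an added example that is not part of either poster's message: it reports whether a certificate file is DER or Base64 (PEM), reads the subject Common Name straight from the DER structure, and returns a Base64 X.509 copy. The function names and the constructed, unsigned sample certificate (`sample`, `dc01.example.test`, `Example Issuing CA`) are assumptions of this example.

```python
import base64, re, ssl
CN_OID = bytes.fromhex("550403")   # OID 2.5.4.3 (commonName)
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(tag, body=b""):            # DER-encode one element (builds the sample only)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def read(buf, pos):                # -> (tag, value_start, value_end) of element at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                   # long form: low 7 bits count the length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + n

def items(buf, pos, end):          # yield the elements inside buf[pos:end]
    while pos < end:
        tag, start, pos = read(buf, pos)
        yield tag, start, pos

def subject_cn(der):               # subject commonName, or None if the subject has no CN
    _, cs, _ = read(der, 0)                                   # Certificate
    _, ts, te = read(der, cs)                                 # tbsCertificate
    fields = [f for f in items(der, ts, te) if f[0] != 0xA0]  # drop optional [0] version
    _, ss, se = fields[4]          # order: serial, sigAlg, issuer, validity, subject
    for _, r1, r2 in items(der, ss, se):                      # each RDN (SET)
        for _, a1, a2 in items(der, r1, r2):                  # each AttributeTypeAndValue
            (_, o1, o2), (vt, v1, v2) = list(items(der, a1, a2))[:2]
            if der[o1:o2] == CN_OID:                          # 0x1E = BMPString (UTF-16BE)
                return der[v1:v2].decode("utf-16-be" if vt == 0x1E else "utf-8")
    return None

def check_cert(data):              # data: raw bytes of the certificate file
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(1)) if m else data
    if der[:1] != b"\x30":
        raise ValueError("not an X.509 certificate in PEM or DER form")
    return {"encoding": "PEM" if m else "DER", "subject_cn": subject_cn(der),
            "pem": ssl.DER_cert_to_PEM_cert(der)}

def sample(cn):                    # constructed, unsigned cert-shaped DER; cn=None -> empty subject
    def name(s):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, s.encode()))) if s else b"")
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) + name("Example Issuing CA") + tlv(0x30) + name(cn)
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print([check_cert(sample(cn))["subject_cn"] for cn in ("dc01.example.test", None)])
```

For a real export, pass the file's bytes to `check_cert`, for example `check_cert(open(path, "rb").read())`; a `subject_cn` of `None` means the certificate's subject carries no Common Name at all.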