[cisco-voip] Phantom tomcat-trust cert

Brian Meade bmeade90 at vt.edu
Wed Sep 30 10:29:47 EDT 2015 

So if you stop the certificate change notification service on the publisher
and that presence server then delete the tomcat-trust on the presence
server, you see it propagate that old tomcat-trust again to the presence
server after the services are started again?

On Wed, Sep 30, 2015 at 12:26 AM, James Andrewartha <
jandrewartha at ccgs.wa.edu.au> wrote:

> On 15/09/15 22:34, Brian Meade wrote:
> > Stop the certificate change notification service on all nodes and then
> > delete all the old tomcat-trust certs.  You can then restart the service
> > and they shouldn't come back.
>
> This worked for most of them, but there's still one that is propagating
> from the publisher to IM&P for the publisher tomcat-trust:
>
> On presence, this is the one that comes back if I delete it:
>
> admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
> [
>   Version: V3
>   Serial Number: 39A72D2638CD12B5
>   SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
>   Issuer Name: C=AU, ST=Western Australia, L=Queenslea Drive, Claremont,
> O=Christ Church Grammar School, OU=ICT Services,
> CN=callmanager1.voip.ccgs.wa.edu.au
>   Validity From: Thu Sep 23 09:49:29 WST 2010
>            To:   Wed Sep 23 09:49:29 WST 2015
>   Subject Name: C=AU, ST=Western Australia, L=Queenslea Drive,
> Claremont, O=Christ Church Grammar School, OU=ICT Services,
> CN=callmanager1.voip.ccgs.wa.edu.au
>
>
> On callmanager1:
>
> admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
> [
>   Version: V3
>   Serial Number: B231C6ACDB211AEE6C18BDC8700A0EE
>   SignatureAlgorithm: SHA256withRSA (1.2.840.113549.1.1.11)
>   Issuer Name: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
>   Validity From: Wed Apr 08 08:00:00 WST 2015
>            To:   Wed Jun 13 20:00:00 WST 2018
>   Subject Name: CN=callmanager1.voip.ccgs.wa.edu.au, O=Christ Church
> Grammar School, L=Claremont, ST=Western Australia, C=AU
>
> The new tomcat cert is a SAN cert, so maybe I've hit some sort of bug?
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150930/92aa4a9c/attachment.html>

More information about the cisco-voip mailing list