[cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue

Heim, Dennis Dennis.Heim at wwt.com
Wed May 17 09:58:14 EDT 2017


Do your leaf/system certs have a SAN that matches the common name (CN)?

Dennis Heim | Emerging Technology Architect (Collaboration)
World Wide Technology, Inc. | +1 314-212-1814



-----Original Message-----
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Gary Parker
Sent: Wednesday, May 17, 2017 4:21 AM
To: NateCCIE <nateccie at gmail.com>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue


> On 16 May 2017, at 21:22, NateCCIE <nateccie at gmail.com> wrote:
> 
> I don't think you can upload a cert unless there is an active CSR for it.  

Correct: the CSR gets removed when you install a server cert that matches it.

Brian > looking at ‘OS Administration -> Security -> Certificate Management’ I can see the tomcat server certificate issued by “QuoVadis_Global_SSL_ICA_G2” and the intermediate with the same name issued by “QuoVadis_Root_CA_2” and that matching root certificate.


Here’s a screen grab:
https://www.osx.ninja/tomcat_certs.jpeg

Looking at the cert info I can see the serial numbers match up for the chain, too.

I’ll get a new cert issued for one of the servers today and install it out of hours, ensuring I install root, then intermediate, then server in the correct order. If it solves the problem for that server I’ll repeat for the rest of them. I’ll let the list know how I get on.

Gary
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
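
The two checks raised in this thread (whether a server certificate's CN also appears in its SAN, and whether root, intermediate and server certificates form a valid chain) can be run with openssl on exported PEM files. The script below is an added example, not from any poster; it builds a throwaway test PKI, and the hostnames, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: every certificate and hostname here is constructed test data.

cert_cn() {         # subject CN of a PEM certificate
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

cert_dns_sans() {   # DNS SAN entries, one per line; empty when there is no SAN
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

san_matches_cn() {  # true when the CN also appears as a DNS SAN entry
  cn=$(cert_cn "$1")
  [ -n "$cn" ] && cert_dns_sans "$1" | grep -qixF -- "$cn"
}

chain_verifies() {  # chain_verifies <root.pem> <intermediate.pem> <server.pem>
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

issue() {  # issue <name> <CN> <extension line> [<issuer>]; no issuer means self-signed
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  printf '%s\n' "$3" > "$1.ext"
  signer="-signkey $1.key"
  [ -n "$4" ] && signer="-CA $4.pem -CAkey $4.key -CAcreateserial"
  # $signer is deliberately unquoted so it splits into separate arguments
  openssl x509 -req -in "$1.csr" -days 2 -extfile "$1.ext" -out "$1.pem" \
    $signer 2>/dev/null
}

build_test_pki() {  # writes root, inter, good and nosan certificates into directory $1
  ( cd "$1" &&
    issue root  "Constructed Test Root" "basicConstraints=critical,CA:TRUE" &&
    issue inter "Constructed Test ICA"  "basicConstraints=critical,CA:TRUE" root &&
    issue good  cucm-pub.example.test \
      "subjectAltName=DNS:cucm-pub.example.test,DNS:cucm-sub.example.test" inter &&
    issue nosan cucm-sub.example.test "basicConstraints=CA:FALSE" inter )
}

d=$(mktemp -d) && build_test_pki "$d" && for c in good nosan; do
  san_matches_cn "$d/$c.pem" && s="SAN matches CN" || s="CN missing from SAN"
  chain_verifies "$d/root.pem" "$d/inter.pem" "$d/$c.pem" && v=ok || v=FAILED
  echo "$c: $s; chain $v"
done
rm -rf "$d"
```

To check real certificates, call `san_matches_cn` and `chain_verifies` on the PEM files downloaded from the Certificate Management page instead of the generated ones.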