[cisco-voip] Certificate issue and I am rubbish at certificates. (full disclosure)
Matthew Loraditch
MLoraditch at heliontechnologies.com
Wed May 24 12:00:12 EDT 2023
It sounds like something is different between the old and new certs (besides the dates). As far as clients accessing Unity via a browser, the callmanager-trust certs are not involved. I'm not even sure they are used at all on a Unity server. I've never touched them.
I would take a look at the old and new certs and make sure the subject and SAN fields are all the same. There can be a lot of reasons for cert errors and the errors are all similar and hard to diagnose without access to the browser throwing the error, but that's the first thing I would check.
Matthew Loraditch
Sr. Network Engineer
direct: 443.541.1518
e: MLoraditch at heliontechnologies.com
www.heliontechnologies.com
From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Terry Oakley
Sent: Wednesday, May 24, 2023 11:35 AM
To: 'voip puck' <cisco-voip at puck.nether.net>
Subject: [cisco-voip] Certificate issue and I am rubbish at certificates. (full disclosure)
[EXTERNAL]
On our Unity Connection server the certificates for Tomcat and Tomcat trust expired over the weekend, my oversight. I regenerated the certificates and both are now year 2028 expiry date. But we still get the same error if someone is trying to access their inbox (https://server/inbox/) (error is You cannot visit server right now because the website uses HSTS)
I noticed that there is a CallManager-Trust certificate that expired on the same day as the Tomcat certs. The CallManager-Trust certificate is issued by the CA (CA signed) but when I go to Generate a CSR I don't have the option to choose CallManager-Trust or Trust . I have Tomcat, Tomcat ecdsa or ipsec. The common name for the expired CallManager-Trust certificate is the UnityConnection server that users cannot get too. Little confused as to where this CallManager Trust certificate can be generated from.
Thank you
Terry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image726917.jpg
Type: image/jpeg
Size: 20371 bytes
Desc: image726917.jpg
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image364649.png
Type: image/png
Size: 9409 bytes
Desc: image364649.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image390733.png
Type: image/png
Size: 431 bytes
Desc: image390733.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image417223.png
Type: image/png
Size: 561 bytes
Desc: image417223.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image226436.png
Type: image/png
Size: 444 bytes
Desc: image226436.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image260656.jpg
Type: image/jpeg
Size: 123028 bytes
Desc: image260656.jpg
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20230524/7ff83ef6/attachment-0001.jpg>
More information about the cisco-voip
mailing list