You're right that there aren't any great documents out there that I've found. The Cisco security guide just recommends that you add the self signed server certs to your client PCs list of trusted publishers. Not really the most efficient solution.<br>
<br>Since I couldn't find a guide, I wrote one. I've been working on a presentation for this anyway.<br><br>Take a look at the following and let me know if you still have any questions:<br><br><a href="https://supportforums.cisco.com/docs/DOC-6119">https://supportforums.cisco.com/docs/DOC-6119</a><br>
<br><br>-Jason Burns<br><br><br><br><div class="gmail_quote">On Mon, Oct 5, 2009 at 2:44 PM, Madziarczyk, Jonathan <span dir="ltr"><<a href="mailto:JMad@cityofevanston.org">JMad@cityofevanston.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="blue" lang="EN-US">
<div>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">Oh, I’m just trying to set the general
certs for mgmt and user management web pages into the publisher/subscribers.
Since IE8 and the latest FireFox, they no longer give user friendly popups when
you try to go to a site that does not have a known certificate.</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">Rather than try to train our users how to
read the web page and make their own determination, it’s easier to just fix the
cert to correlate to our own internal CA. (the PCs inside already have our CA
in their list)</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">I’ve gotten the request files and made
certs for tomcat/CAPF/callmanager/ipsec but I’m a little leery about just
overwriting what’s there on the server. Do they have to be .der or .cer or
.pem. I don’t see a place to upload the site cert either.</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">So I assumed Cisco had a document on the
proper steps to install these, but I have been unsuccessful in finding it.</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">JM</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font size="3" face="Times New Roman"><span style="font-size: 12pt;">
<hr size="2" width="100%" align="center">
</span></font></div>
<p><b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma;"> Jason Burns
[mailto:<a href="mailto:burns.jason@gmail.com" target="_blank">burns.jason@gmail.com</a>] <br>
<b><span style="font-weight: bold;">Sent:</span></b> Monday, October 05, 2009
1:37 PM<br>
<b><span style="font-weight: bold;">To:</span></b> Madziarczyk, Jonathan<br>
<b><span style="font-weight: bold;">Cc:</span></b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [cisco-voip] Updating
Certificates on CUCM?</span></font></p>
</div><div><div></div><div class="h5">
<p><font size="3" face="Times New Roman"><span style="font-size: 12pt;"> </span></font></p>
<p style="margin-bottom: 12pt;"><font size="3" face="Times New Roman"><span style="font-size: 12pt;">JM,<br>
<br>
Which certificates exactly do you want to update?<br>
<br>
The ones used to access the CCMAdmin GUI, or the ones used to secure SIP/TLS
connections?</span></font></p>
<div>
<p><font size="3" face="Times New Roman"><span style="font-size: 12pt;">On Mon, Oct 5, 2009 at 1:59 PM, Madziarczyk, Jonathan <<a href="mailto:JMad@cityofevanston.org" target="_blank">JMad@cityofevanston.org</a>> wrote:</span></font></p>
<div link="blue" vlink="purple">
<div>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">Does
anyone have a good writeup for the procedure to update the certificate on call
manager 6.1?</span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">I
think I’ve got most of it figured out, I just want to see some official
documentation before I start wiping certs.</span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">I
guess I fail at google, because I can’t seem to find any documentation that
addresses my issue.</span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p><font size="2" face="Arial"><span style="font-size: 10pt; font-family: Arial;">JM</span></font></p>
</div>
</div>
<p style="margin-bottom: 12pt;"><font size="3" face="Times New Roman"><span style="font-size: 12pt;"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span></font></p>
</div>
<p><font size="3" face="Times New Roman"><span style="font-size: 12pt;"> </span></font></p>
</div></div></div>
</div>
</blockquote></div><br>