Hi Tim,<div><br></div><div>It's un-reasonable to assume you can make changes to the Subscriber. :-(</div><div><br></div><div>If you lose your PUB, you are effectively locked out from making changes. (I think they're are 1 or 2 things that the SUB can change, but they're minor)</div>
<div><br></div><div>It's also un-reasonable to assume you can promote a SUB to a PUB. I had many long conversations with Cisco Sales Engineer's with this when I first inherited our system.</div><div><br></div><div>
That being said, I applaud putting the right CA cert on the box. I do the same thing for all of my management devices. I never "train" my end-users to say OK to a bogus certificate.<br><br><div class="gmail_quote">
On Wed, Jun 8, 2011 at 10:05 AM, Tim Reimers <span dir="ltr"><<a href="mailto:treimers@ashevillenc.gov">treimers@ashevillenc.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="white" lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Thanks guys! </span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I would not anticipate allowing anyone into CCMAdmin or CCMUser during the few minutes it’ll take to do this-</span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I would assume that the tomcat server on the Subscriber would remain up and usable as a “backdoor” In the event that the cert registration fails or something like that?</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">And, once I’ve done the Publisher, the same needs to be done on the Subscriber, I’d imagine, since it’s a different hostname for the certificate.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Is it reasonable to make small phone changes on the Subscriber? I wouldn’t want to do a BAT or anything like that, but in the event this doesn’t work out well on the Pub for some reason, I’d think we could simply use the Sub to make simple changes to phones, etc.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">We are an environment of only about 600 phone users – so we have about three people who admin, and I’d expect only about 10-15 people a day who access the CCMUser pages - </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"> </span></p><div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> Lelio Fulgenzi [mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>] <br><b>Sent:</b> Wednesday, June 08, 2011 9:58 AM<br>
<b>To:</b> Stieg Heimo<br><b>Cc:</b> Tim Reimers; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><b>Subject:</b> Re: [cisco-voip] Is there a document from Cisco that shows the exact steps to configure a certificate for the ccmadmin/ccmuser pages?</span></p>
</div></div><div><div></div><div class="h5"><p class="MsoNormal"> </p><div><p class="MsoNormal">I would suspect all CCMadmin/CCMuser functions are also affected. <br><br>Sent from my iPhone</p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt">
<br>On Jun 8, 2011, at 9:56 AM, Stieg Heimo <<a href="mailto:Heimo.Stieg@imtech.at" target="_blank">Heimo.Stieg@imtech.at</a>> wrote:</p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><div><p class="MsoNormal">
<span style="font-size:10.0pt;color:blue">Hello,</span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue"> </span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue">the phones shouldn’t re-register. Also calling should work normally during this time.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:blue"> </span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue">But there are some things which won’t work during the restart process:<br><br>*) WebDialer ( Click2Call )</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:blue">*) Taking screenshots from the phone</span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue">*) Extension Mobility ( login/logout )</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:blue">*) Pushing messages to the phone</span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue">*) Any other application which contacts the phone directly and needs an authenticated user</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:blue"> </span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue"> </span></p><p class="MsoNormal"><span style="font-size:10.0pt;color:blue"> </span></p>
<div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span lang="DE" style="font-size:10.0pt">Von:</span></b><span lang="DE" style="font-size:10.0pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b>Im Auftrag von </b>Tim Reimers<br>
<b>Gesendet:</b> Mittwoch, 8. Juni 2011 15:11<br><b>An:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><b>Betreff:</b> Re: [cisco-voip] Is there a document from Cisco that shows the exact steps to configure a certificate for the ccmadmin/ccmuser pages?</span></p>
</div></div><p class="MsoNormal"> </p><p class="MsoNormal">Hi all –</p><p class="MsoNormal"> </p><p class="MsoNormal">Does anyone know if restarting the tomcat service will affect anything in normal operations of the phones?</p>
<p class="MsoNormal"> </p><p class="MsoNormal">I can go ahead and follow these directions, but wanted to ensure I didn’t make all the phones re-register or anything like that…</p><p class="MsoNormal"> </p><p class="MsoNormal">
</p><p class="MsoNormal">Thanks for the responses!</p><p class="MsoNormal"> </p><p class="MsoNormal"><span lang="EN-AU" style="color:#1F497D"><a href="http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b43504.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a0080b43504.shtml</a></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1F497D"> </span></p><p class="MsoNormal"><span lang="EN-AU" style="color:#1F497D"><a href="https://supportforums.cisco.com/docs/DOC-6119" target="_blank">https://supportforums.cisco.com/docs/DOC-6119</a></span></p>
<p class="MsoNormal"> </p><p class="MsoNormal"> </p><p class="MsoNormal"> </p></div></div></blockquote><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></p>
</div></blockquote></div></div></div></div><br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>