<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Angel,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">When you upload the new CA-signed tomcat certificate, the tomcat-trust certificates should be updated on all the other nodes in the cluster to reflect the new
publisher certificate via the Certificate Change Notification Service.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Brian<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [mailto:cisco-voip-bounces@puck.nether.net]
<b>On Behalf Of </b>Angel Roberto Castaneda<br>
<b>Sent:</b> Thursday, January 02, 2014 10:54 AM<br>
<b>Cc:</b> cisco-voip@puck.nether.net<br>
<b>Subject:</b> Re: [cisco-voip] Certificate question<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Would this cause any issues in a cluster?<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For example, if you were to upload the certificate to the publisher, would the subscriber have a problem with a different certificate being used now?<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Verdana","sans-serif"">Angel Roberto Castaneda</span></b><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Jan 2, 2014 at 7:14 AM, Joe Martini <<a href="mailto:joemar2@cisco.com" target="_blank">joemar2@cisco.com</a>> wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal">James,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You do not have to get your certificate issued by Thwate, GoDaddy, Verisign, etc, you can use your internal Certificate Authority (CA) server instead. In order to do this, you would need to create a Certificate Signing Request (CSR) for
Tomcat on your CUCM server(s) and get a certificate generated based on the CSR. Here’s a great guide with instructions for how to generate the CSR, get it internally signed, and re-uploaded to CUCM, <a href="https://supportforums.cisco.com/docs/DOC-6119" target="_blank">https://supportforums.cisco.com/docs/DOC-6119</a>.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You could apply a new certificate to all your servers by using this same process for each server in your cluster, or you can install a new certificate on only the server users usually access to fix the certificate warning that is displayed.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Note that if you do use an internal server to issue the certificate, the client computers and/or browsers need to have the root certificate (issuing server’s certificate) installed. If you are using Active Directory and Internet Explorer
the certificates should already be in place on each computer that has joined the domain. For non-Windows computers or other browsers such as Firefox, the issuing servers certificate would have to be added to the certificate store the browser uses. Lastly
once everything is in place, the URL used to access the servers has to be a hostname. Even if all the certificates are in place, using an IP address for the URL to access the servers will cause the certificate error to appear.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Joe<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal">On Jan 2, 2014, at 6:59 AM, James Dust <<a href="mailto:james.dust@charles-stanley.co.uk" target="_blank">james.dust@charles-stanley.co.uk</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Hi there,<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">I have a certificate question I need help with as I haven’t either created or uploaded one to our CUCM cluster before (cucm 8.1.3)<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">When navigating to either the administration page or end user page for the first time any user within our network is presented with an error message stating the
website is now trusted. Now it’s no problem as it can be entered through but for my own knowledge I would like to resolve this.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">My first question is do we need to export a certificate and get it to Thwate or someone like that, or can I just self-sign the certificate as it is just an internal
network resource to us.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">My second question is what do I need to export?<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Kind regards<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">James<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif";color:#99CC00">Consider the environment - Think before you print</span></strong><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-family:"Arial","sans-serif""><br>
</span><span lang="EN-GB" style="font-size:7.5pt;font-family:"Arial","sans-serif"">The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it
is the responsibility of the recipient to confirm this. <br>
<br>
You are advised that urgent, time-sensitive communications should not be sent by email. We hereby give you notice that a delivery receipt does not constitute acknowledgement or receipt by the intended recipient(s).<br>
<br>
Details of Charles Stanley group companies and their regulators (where applicable), can be found at this URL
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial","sans-serif""><a href="http://www.charles-stanley.co.uk/contact-us/disclosure/" target="_blank" title="http://www.charles-stanley.co.uk/contact-us/disclosure/"><span style="font-size:7.5pt">http://www.charles-stanley.co.uk/contact-us/disclosure/</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>