<div dir="ltr"><div><div>Well seemed to work OK thanks for assistance Anthony and Matthew.<br><br></div><div>So this for 9.02 UCCX automatically chained the certificates, socialminer 10.5 required me to specify the root where in the Intermediate host and issuing server came from.<br></div><div><br></div>I should have added an additional SAN for the IP of the server as Calabrio wants to use the IP for JAVA...<br></div><div><div><br>Matthew I was talking about internal certificates but chained CA's. People used to just sign with a root but now its common for Root > intermediate and issuing server . See this post <a href="https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates">https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates</a> the extra steps were not required.<br><br></div><div>Thanks Anthony for the link I did it out of hours as I saw CAD but didn't see any affect... PS Anthony I'd love to hear how you went with Presence, I still have a TAC case open for DRS which is preventing me from clustering the server. <br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 15, 2014 at 9:58 PM, Matthew Loraditch <span dir="ltr"><<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank">MLoraditch@heliontechnologies.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I had to upload my root, but it was internal, not sure about public CAs.<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">1965 Greenspring Drive</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br>
</span><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">Timonium, MD 21093</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br>
</span><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d"><br>
direct voice. 443.541.1518<br>
fax.  410.252.9284<br>
<br>
<a href="http://twitter.com/heliontech" target="_blank">Twitter</a>  |  <a href="http://www.facebook.com/#!/pages/Helion/252157915296" target="_blank">
Facebook</a>  | <a href="http://www.heliontechnologies.com/" target="_blank">Website</a>  |  <a href="mailto:support@heliontechnologies.com?subject=Technical%20Support%20Request" target="_blank">
Email Support</a><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">Support Phone. 410.252.8830</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
</span><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Andrew Grech [mailto:<a href="mailto:agrech88@gmail.com" target="_blank">agrech88@gmail.com</a>]
<br>
<b>Sent:</b> Monday, September 15, 2014 7:54 AM<br>
<b>To:</b> Matthew Loraditch<br>
<b>Subject:</b> RE: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p>Thanks im actually doing it now on uccx 9.02, it must automatically chain my CAs? In socialminer 10.5 you have to tell it the root it came from...<u></u><u></u></p>
<div>
<p class="MsoNormal">On 15/09/2014 9:51 PM, "Matthew Loraditch" <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank">MLoraditch@heliontechnologies.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The only gotcha I can think of is, if you are on newer versions even though it’s one cert you have
 to restart Tomcat, CUIC and Finesse, if you are using it, as they all run as separate instances.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">HTH</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">1965 Greenspring Drive</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br>
</span><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">Timonium, MD 21093</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><br>
</span><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d"><br>
direct voice. 443.541.1518<br>
fax.  410.252.9284<br>
<br>
<a href="http://twitter.com/heliontech" target="_blank">Twitter</a>  |  <a href="http://www.facebook.com/#!/pages/Helion/252157915296" target="_blank">
Facebook</a>  | <a href="http://www.heliontechnologies.com/" target="_blank">Website</a>  | 
<a href="mailto:support@heliontechnologies.com?subject=Technical%20Support%20Request" target="_blank">
Email Support</a></span><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#1f497d">Support Phone. 410.252.8830</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> cisco-voip [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Anthony Holloway<br>
<b>Sent:</b> Sunday, September 14, 2014 10:12 PM<br>
<b>To:</b> Andrew Grech<br>
<b>Cc:</b> Cisco VoIP Group<br>
<b>Subject:</b> Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Andrew,<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Check out the port utilization guide to figure out what tomcat is responsible for. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf" target="_blank">http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf</a><br>
<br>
On Sunday, September 14, 2014, Andrew Grech <<a href="mailto:agrech88@gmail.com" target="_blank">agrech88@gmail.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">I'm going to signing my UCCX tomcat certificate with a internal trusted root authority this week and restarting the Tomcat service. Can anyone think of any issues this may cause
 for logged in agents or the contact center general? <u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">This is going to be done for the socialminer agent desktop page.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div></div></div>
</div>

</blockquote></div><br></div>