<div dir="ltr">Anthony,<div>It seems my brevity in emails continues to cause confusion.</div><div><br></div><div>You are correct. Restarting TFTP is still needed when uploading new files. What I am saying is the new port 6972 for HTTPS delivery of TFTP files does not pick up the new certificate uploaded for tomcat until the service is deactivated and reactivated or the server is rebooted.</div><div><br></div><div>I have the process for getting rid of jabber certificate errors down pretty good, but this threw me for a loop, since 6972 is new and restarting services did not help.</div><div><br></div><div>Thanks,</div><div>-Nate</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 29, 2016 at 11:34 AM, Anthony Holloway <span dir="ltr">&lt;<a href="mailto:avholloway+cisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Thank you for the heads up Nate.</div><div><br></div>To clarify the topic of uploading TFTP files and restarting the TFTP service: It's only necessary to restart TFTP when initially uploading a file to TFTP, and not for subsequent uploads of existing files (i.e., pushing changes to XML files).<div><br></div><div>As a test, I just uploaded a brand new Group Configuration file to TFTP that had never been in there before. Neither 6970 (HTTP) nor 6972 (HTTPS) served up the configuration file, as expected. I then restarted the TFTP service, then both 6970 and 6972 served up the file, as expected.
I then modified the XML file slightly, re-uploaded to TFTP, *did not* restart TFTP, and both 6970 and 6972 served up the modified file.</div><div><br></div><div>At no time did I deactivate/reactivate TFTP in my testing, and I should also note that I already had (from way long ago) a third party Tomcat cert installed.</div><div><br></div><div>I am running CUCM 11.0.1.20000-2, which is listed as a problem child in the defect given.</div><div><br></div><div>Whether or not the Tomcat third party cert vs. self-signed cert issue happens intermittently or all the time, I cannot say. I saw my third party cert being presented in my testing of port 6972 (HTTPS). From my interpretation of the defect given, it sounds like this is an intermittent issue which only affects newly uploaded third party certs, and will require you to restart TFTP as well as Tomcat. And in some instances, restarting the Tomcat+TFTP services will not resolve the cert issue for port 6972 (HTTPS), so you must deactivate TFTP altogether, and reactivate it (or better yet, just reboot the whole server).</div><div><br></div><div>I just wanted to add some commentary to the discussion, because I know that when I first read the OP email, it almost sounded like you have to deactivate/reactivate TFTP every time you make a change to TFTP, so that port 6972 picks up the changes.
I think I was making the wrong assumption about the wording, but if I were to guess, other people reading it would draw a similar conclusion as well.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Tue, Mar 29, 2016 at 9:12 AM, NateCCIE <span dir="ltr">&lt;<a href="mailto:nateccie@gmail.com" target="_blank">nateccie@gmail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div>
<p class="MsoNormal">All,</p>
<p class="MsoNormal">So CUCM 11 adds https download of TFTP files over port 6972, and jabber wants to validate that cert.</p>
<p class="MsoNormal">The good news is it uses the CUCM tomcat cert. The bad news is restarting TFTP and/or Tomcat does not restart port 6972.</p>
<p class="MsoNormal">There is a defect about this, CSCuy12120; you get to deactivate TFTP and reactivate TFTP to get this to clear up, or reboot the node.</p>
<p class="MsoNormal">Thanks</p>
<p class="MsoNormal">-Nate</p>
</div></div><br></div></div>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
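<div>Added example, not part of the thread and not Cisco's code: a check for the condition discussed above, where port 6972 keeps presenting the old certificate after a new Tomcat certificate is uploaded. It compares SHA-256 fingerprints of the uploaded certificate against what each listener presents; port 8443 as the Tomcat HTTPS port, the command-line arguments and the sample certificates are assumptions or constructed values.</div>

```python
import hashlib
import ssl
import sys

TFTP_HTTPS_PORT = 6972   # HTTPS TFTP download port named in the thread
TOMCAT_PORT = 8443       # assumption: Tomcat's HTTPS port, not stated in the thread

# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
NEW_CERT = ssl.DER_cert_to_PEM_cert(b"constructed: newly uploaded third-party cert")
OLD_CERT = ssl.DER_cert_to_PEM_cert(b"constructed: previous self-signed cert")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a single PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def fetch_presented_cert(host: str, port: int) -> str:
    """Return the leaf certificate a listener presents, as PEM.

    The chain is deliberately not validated: the point is to see which
    certificate is served, even if it is an old self-signed one.
    """
    return ssl.get_server_certificate((host, port), timeout=5)


def find_stale_listeners(expected_pem: str, presented: dict) -> list:
    """Ports whose presented certificate differs from the uploaded one."""
    want = fingerprint(expected_pem)
    return sorted(p for p, pem in presented.items() if fingerprint(pem) != want)


if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py <cucm-host> <uploaded-leaf-cert.pem>
        host = sys.argv[1]
        with open(sys.argv[2]) as fh:
            expected = fh.read()
        presented = {p: fetch_presented_cert(host, p)
                     for p in (TOMCAT_PORT, TFTP_HTTPS_PORT)}
    else:                    # offline run on the constructed sample
        expected = NEW_CERT
        presented = {TOMCAT_PORT: NEW_CERT, TFTP_HTTPS_PORT: OLD_CERT}
    stale = find_stale_listeners(expected, presented)
    print("stale listeners:", stale or "none")
    sys.exit(1 if stale else 0)
```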