<div dir="ltr">Thanks Tim, but you may have missed it in my lengthy starter email, but I already deactivated/re-activated TFTP. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Sep 3, 2019 at 9:57 PM Tim Smith <<a href="mailto:tim.smith@enject.com.au">tim.smith@enject.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-AU">
<div class="gmail-m_-4518906570463110798WordSection1">
<p class="MsoNormal"><span style="color:rgb(34,34,34);border:1pt none windowtext;padding:0cm;background:white">Im on the road, but there was a similar bug for this. Can’t seem to find it.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(34,34,34);border:1pt none windowtext;padding:0cm;background:white">It’s TFTP based issue from memory.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(34,34,34);border:1pt none windowtext;padding:0cm;background:white">You had to de-activate and re-activate the TFTP services.</span><u></u><u></u></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12pt;color:black">From: </span></b><span style="font-size:12pt;color:black">cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>> on behalf of Anthony Holloway <<a href="mailto:avholloway%2Bcisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>><br>
<b>Date: </b>Wednesday, 4 September 2019 at 12:03 pm<br>
<b>To: </b>"<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Subject: </b>[cisco-voip] CUCM 11.5(1)SU6, Port 6972 and EC Certs<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">So, I just ran into something interesting where someone else took care of the certs for a CUCM I now have access to, and while the main CCMAdmin pages load fine in my browser with a full chain of trust, the 6972 page(s) are being delivered
as EC certs, which were not signed, and thus, I get a warning in my browser. <u></u>
<u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Now, I have other CUCM deployments under my belt where the Tomcat RSA certs are signed and EC not, because the default setting for CUCM is to not use EC certs until you tell it to. These deployments still present the RSA cert to me for
6972.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The only difference is the SU6 part.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I couldn't find anything in the release notes nor in the bug search, and so I'm wondering if any of you know what might be happening.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I tried toggling the HTTP Ciphers from RSA only to All and back again, but that didn't work.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I tried re-uploading the RSA cert chain, starting from root, and then back through the 2 intermediates (yes, three layers deep, it's a public CA chain).<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I've restarted Tomcat, I've deactivated/reactivate TFTP, I've rebooted the cluster, and I'm just at a loss. It's not that big of a deal, it just bothers me that I don't know why it's doing this.<u></u><u></u></p>
</div>
</div>
</div>
</div>
</blockquote></div>