Before proceeding, the following prerequisites must be met:
- DNS servers configured on all CUCM servers
- Export Certificates from all Domain Controllers
- Check which Domain Controllers have the Global Catalog role installed
- Upload DC certificates on all CUCM and Presence servers using "tomcat-trust" for versions 8.x and newer.
- Restart the Tomcat service from CLI/SSH using "utils service restart Cisco Tomcat"
- Declare your LDAP servers with SSL and use port 3269 for GC enabled DCs and port 636 for non-GC servers.
Technical notes that I believe are worth taking, usually taken while working on issues and projects.
Tuesday, 5 December 2017
Cisco Call Manager Certificates with Microsoft CA
Hi, in order to renew the certificates you must create a certificate signing request (CSR). In this CSR you MUST include the server FQDN in the subject name and also in the SAN.
You must also note the attributes of the old certificate, for example the extended key usage.
Then you must create the certificate signing template on the Microsoft CA. You must use the desktop application to do this.
Open Certificate Authority and then Certificate Templates -> Manage.
Find the Web Server template and copy it to a new template.
Change the name under General and then apply the settings noted in the previous step.
Check the encryption settings: the modulus must not be more than 4096.
Before you close the application, add the template to the template shortcuts.
Now open a browser and point it to your CA.
Open the CSR file and copy all of its contents to your CA request website, generate the certificate and download it in Base64 format.
Then upload the certificate, along with the Root CA and any Intermediate CA (Full Chain) to CUCM and restart the appropriate service e.g. tomcat.
If the CA is trusted by your browser / application, then you will see no warnings when you visit the page.
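The CSR requirement above (server FQDN in both the subject name and the SAN) can be checked before the request is pasted into the CA page. The script below is an added example, not part of the original post; it assumes the openssl command line (1.1.1 or newer) on an admin workstation, and the host names, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-submission check that a CSR names the server FQDN in
# BOTH the subject CN and the SAN. All names below are constructed samples.

# csr_has_fqdn CSR_FILE FQDN
# Returns 0 if FQDN is the subject CN and a SAN DNS entry, 1 if either is
# missing, 2 if openssl cannot parse the file.
csr_has_fqdn() {
    _text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 2
    # Subject in RFC 2253 form (CN=host,O=org): take the CN component.
    _cn=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
          sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    # SAN values are printed on the line after the extension name.
    _san=$(printf '%s\n' "$_text" | grep -A1 'Subject Alternative Name' |
           tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p')
    printf '%s\n' "$_cn"  | grep -qixF "$2" || return 1
    printf '%s\n' "$_san" | grep -qixF "$2" || return 1
    return 0
}

# make_sample_csr OUT_FILE SUBJECT [SAN]
# Throwaway CSR for the demo; it stands in for the real server's CSR file.
make_sample_csr() {
    if [ -n "$3" ]; then
        openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
            -subj "$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
    else
        openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
            -subj "$2" -out "$1" 2>/dev/null
    fi
}

FQDN=cucm-pub.example.test          # constructed host name
TMP=$(mktemp -d)
make_sample_csr "$TMP/good.csr"  "/O=Example/CN=$FQDN" "DNS:$FQDN,DNS:cucm-pub"
make_sample_csr "$TMP/nosan.csr" "/O=Example/CN=$FQDN"
make_sample_csr "$TMP/short.csr" "/O=Example/CN=cucm-pub" "DNS:cucm-pub"

for f in good nosan short; do
    if csr_has_fqdn "$TMP/$f.csr" "$FQDN"; then
        echo "$f.csr: OK"
    else
        echo "$f.csr: FQDN missing from subject CN or SAN"
    fi
done
```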