McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 6

page: 6
source: cucm/v15/certificate-regeneration/certificate-regeneration.md
chunk_id: cucm::v15::certificate-regeneration::certificate-regeneration::5

certificate. Both the CallManager and CallManager-ECDSA certificates share the common certificate trust store—CallManager-Trust. Unified Communications Manager uploads these certificates to this trust store.

Third-Party CA Signed Identity Certificate

Note: Third-party can mean an internal Certificate Authority (CA) or external sources like Go-Daddy, Verisign, and others. The identity certificate is the server certificate for the specific role (Tomcat, Call Manager, and so on).

1. Navigate to each server in your cluster (in separate tabs of your web browser unless you are creating a Multi-SAN CSR), beginning with the publisher, followed by each subscriber. Navigate to Cisco Unified OS Administration > Security > Certificate Management.
2. Select Generate CSR.
3. Select the Certificate Purpose drop-down and select the certificate.
4. Select the Distribution type: Single Server or Multi-server (SAN).
   • Multi-server (SAN) includes all CUCM and CUPs nodes in the SANs section.
5. Select Generate.
6. Download the CSR and provide it to your Certificate Authority.
7. After receiving the signed certificate, upload the certificates by chain order.
   • Upload the ROOT as a trust certificate.
   • Upload the Intermediate as a trust certificate.
   • Upload the Signed Certificate as the certificate type.
   • Restart the appropriate services identified in the pop-up.

Certificate Regeneration Process

Note: All the endpoints need to be powered on and registered before the certificate regeneration. Otherwise, the phones that are not connected require the removal of the ITL.

Tomcat Certificate

The processes for regenerating Tomcat and Tomcat-ECDSA are identical, including service restarts.

1. Identify if third-party certificates are in use:
   Navigate to each server in your cluster (in separate tabs of your web browser), beginning with the publisher, followed by each subscriber. Navigate to Cisco Unified OS Administration > Security > Certificate Management > Find.
   • Observe from the Description column if Tomcat states Self-signed certificate generated by system. If Tomcat is third-party signed, use the link provided and perform those steps after the Tomcat regeneration.
   • For Third-Party Signed certificates, refer to CUCM Uploading CCMAdmin Web GUI Certificates.
2. Select Find to show all the certificates:
   • Select the Find Tomcat Pem.
   • Once open, select Regenerate and wait until you see the Success pop-up, then close the pop-up or go back and select Find/List.
3. Continue with each subsequent Subscriber: perform the same procedure in step 2 and complete it on all Subscribers in your cluster.
4. After all Nodes have regenerated the Tomcat certificate, restart the Tomcat service on all the nodes.
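For the third-party CA procedure above, where the certificates are uploaded by chain order, the following added example (not part of the Cisco documentation or any Cisco tool) sorts the PEM files returned by a CA into root, intermediate(s), identity, and fails when a link is missing. It assumes `openssl` is installed; the file names, subject names and the demo chain are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Cisco tooling. File and subject names are constructed.

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# Print the given PEM files in upload order: root, intermediate(s), identity.
# Fails if there is no self-signed root or a link in the chain is missing.
chain_order() {
  local f parent="" found left
  for f in "$@"; do
    if [ "$(subject_of "$f")" = "$(issuer_of "$f")" ]; then parent=$f; fi
  done
  if [ -z "$parent" ]; then echo "no self-signed root in input" >&2; return 1; fi
  echo "$parent"
  left=$(( $# - 1 ))
  while [ "$left" -gt 0 ]; do
    found=""
    for f in "$@"; do
      if [ "$f" != "$parent" ] && [ "$(issuer_of "$f")" = "$(subject_of "$parent")" ]; then
        found=$f
      fi
    done
    if [ -z "$found" ]; then echo "nothing in input was issued by $parent" >&2; return 1; fi
    echo "$found"; parent=$found; left=$(( left - 1 ))
  done
}

# Build a throwaway root -> intermediate -> identity chain in directory $1.
make_demo_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Issuing CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=cucm-pub.example.com" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/tomcat.pem" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo_chain "$DEMO_DIR"
# Files passed in arbitrary order, as they might arrive from the CA.
chain_order "$DEMO_DIR/tomcat.pem" "$DEMO_DIR/root.pem" "$DEMO_DIR/int.pem"
```

The ordering matches issuer and subject names only; it does not check signatures, which `openssl verify` with `-CAfile` and `-untrusted` does.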