McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 36

↗ View in doc context
page
36
source
uccx/v12.5/os-admin-guide/uccx-12.5su3-os-admin-guide.md
chunk_id
uccx::v12.5::os-admin-guide::uccx-12.5su3-os-admin-guide::34

Application Certificates To use an application certificate that a third-party CA issues, you must obtain both the signed application certificate and the CA root certificate from the CA. Collect information about obtaining these certificates from your CA. The process varies among CAs. Ensure that you get an RSA signed certificate from CA. Note Cisco Unified Operating System generates certificates in DER and PEM encoding formats and generates CSRs in PEM encoding format. It accepts certificates in DER and PEM encoding formats. For all certificate types, obtain and upload a CA root certificate and an application certificate on each node. Or upload Certificate Chain that has both the application certificate and the chain of the corresponding certificate issuer. The CSRs for Tomcat and IPSec use the following extensions: X509v3 Key Usage: Digital Signature, Key Encipherment, Data Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System 1. Upload the CA root certificate of the CA that signed an application certificate. If a subordinate CA signs an application certificate, you must upload the CA root certificate of the subordinate CA, not the root CA. 2. Upload CA root certificates and application certificates by using the same Upload Certificate dialog box. When you upload a CA root certificate, choose the certificate name with the format certificate type-trust. 3. When you upload an application certificate, choose the certificate name that only includes the certificate type. For example, choose tomcat-trust when you upload a Tomcat CA root certificate; choose tomcat when you upload a Tomcat application certificate. Restart the Unified CCX server. Monitor Certificate Expiration Dates The system can automatically send you an e-mail when a certificate is close to its expiration date. To view and configure the Certificate Expiration Monitor, follow this procedure: Step 1 Navigate to Security > Certificate Monitor. The Certificate Monitor window appears. Step 2 Enter the required configuration information. See the table below for a description of the Certificate Monitor Expiration fields. Step 3 To save your changes, click Save. Table 7: Certificate Monitor Field Descriptions Description Field Enter the number of days before the certificate expires that you want to be notified. Notification Start Time Cisco Unified Operating System Administration Guide for Cisco Unified CCX and Cisco Unified IP IVR, Release 12.5(1) SU3 26 Security Application Certificates