Re: [cisco-voip] Phantom tomcat-trust cert

2015-10-23 Thread Andrew Grech
https://tools.cisco.com/bugsearch/bug/CSCuv75866

On Tue, 6 Oct 2015 2:14 am Brian Meade wrote:

> Maybe this? https://tools.cisco.com/bugsearch/bug/CSCun33173
>
> Try manually stopping the Cisco Intercluster Sync Agent Service and
> deleting the certificate.
>
> On Sun, Oct 4, 2015 at 10:45 PM, James Andrewartha <
> jandrewar...@ccgs.wa.edu.au> wrote:
>
>> On 02/10/15 02:57, Brian Meade wrote:
>> > You can try to download the tomcat.pem from the publisher and manually
>> > install it on the presence server as a tomcat-trust.  Since the Common
>> > Name is the same, it should replace the existing tomcat-trust.
>>
>> It did replace the existing tomcat-trust, however it still got
>> overwritten from the publisher by the cert expiring in 2015. I even
>> tried downloading/uploading the cert as .der instead of .pem as that's
>> what the expiry email says, but no go.
>>
>> --
>> James Andrewartha
>> Network & Projects Engineer
>> Christ Church Grammar School
>> Claremont, Western Australia
>> Ph. (08) 9442 1757
>> Mob. 0424 160 877
>>
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>


Re: [cisco-voip] Phantom tomcat-trust cert

2015-10-05 Thread Brian Meade
Maybe this? https://tools.cisco.com/bugsearch/bug/CSCun33173

Try manually stopping the Cisco Intercluster Sync Agent Service and
deleting the certificate.

On Sun, Oct 4, 2015 at 10:45 PM, James Andrewartha <
jandrewar...@ccgs.wa.edu.au> wrote:

> On 02/10/15 02:57, Brian Meade wrote:
> > You can try to download the tomcat.pem from the publisher and manually
> > install it on the presence server as a tomcat-trust.  Since the Common
> > Name is the same, it should replace the existing tomcat-trust.
>
> It did replace the existing tomcat-trust, however it still got
> overwritten from the publisher by the cert expiring in 2015. I even
> tried downloading/uploading the cert as .der instead of .pem as that's
> what the expiry email says, but no go.
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>


Re: [cisco-voip] Phantom tomcat-trust cert

2015-10-04 Thread James Andrewartha
On 02/10/15 02:57, Brian Meade wrote:
> You can try to download the tomcat.pem from the publisher and manually
> install it on the presence server as a tomcat-trust.  Since the Common
> Name is the same, it should replace the existing tomcat-trust.

It did replace the existing tomcat-trust, however it still got
overwritten from the publisher by the cert expiring in 2015. I even
tried downloading/uploading the cert as .der instead of .pem as that's
what the expiry email says, but no go.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877


Re: [cisco-voip] Phantom tomcat-trust cert

2015-10-01 Thread Brian Meade
You can try to download the tomcat.pem from the publisher and manually
install it on the presence server as a tomcat-trust.  Since the Common Name
is the same, it should replace the existing tomcat-trust.

On Wed, Sep 30, 2015 at 10:19 PM, James Andrewartha <
jandrewar...@ccgs.wa.edu.au> wrote:

> On 30/09/15 22:29, Brian Meade wrote:
> > So if you stop the certificate change notification service on the
> > publisher and that presence server then delete the tomcat-trust on the
> > presence server, you see it propagate that old tomcat-trust again to the
> > presence server after the services are started again?
>
> Correct, with the exception that there's no certificate change
> notification service on the presence server, only an expiry monitor.
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>


Re: [cisco-voip] Phantom tomcat-trust cert

2015-09-30 Thread James Andrewartha
On 30/09/15 22:29, Brian Meade wrote:
> So if you stop the certificate change notification service on the
> publisher and that presence server then delete the tomcat-trust on the
> presence server, you see it propagate that old tomcat-trust again to the
> presence server after the services are started again?

Correct, with the exception that there's no certificate change
notification service on the presence server, only an expiry monitor.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877


Re: [cisco-voip] Phantom tomcat-trust cert

2015-09-30 Thread Brian Meade
So if you stop the certificate change notification service on the publisher
and that presence server then delete the tomcat-trust on the presence
server, you see it propagate that old tomcat-trust again to the presence
server after the services are started again?

On Wed, Sep 30, 2015 at 12:26 AM, James Andrewartha <
jandrewar...@ccgs.wa.edu.au> wrote:

> On 15/09/15 22:34, Brian Meade wrote:
> > Stop the certificate change notification service on all nodes and then
> > delete all the old tomcat-trust certs.  You can then restart the service
> > and they shouldn't come back.
>
> This worked for most of them, but there's still one that is propagating
> from the publisher to IM for the publisher tomcat-trust:
>
> On presence, this is the one that comes back if I delete it:
>
> admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
> [
>   Version: V3
>   Serial Number: 39A72D2638CD12B5
>   SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
>   Issuer Name: C=AU, ST=Western Australia, L=Queenslea Drive, Claremont,
> O=Christ Church Grammar School, OU=ICT Services,
> CN=callmanager1.voip.ccgs.wa.edu.au
>   Validity From: Thu Sep 23 09:49:29 WST 2010
>    To:   Wed Sep 23 09:49:29 WST 2015
>   Subject Name: C=AU, ST=Western Australia, L=Queenslea Drive,
> Claremont, O=Christ Church Grammar School, OU=ICT Services,
> CN=callmanager1.voip.ccgs.wa.edu.au
>
>
> On callmanager1:
>
> admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
> [
>   Version: V3
>   Serial Number: B231C6ACDB211AEE6C18BDC8700A0EE
>   SignatureAlgorithm: SHA256withRSA (1.2.840.113549.1.1.11)
>   Issuer Name: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
>   Validity From: Wed Apr 08 08:00:00 WST 2015
>    To:   Wed Jun 13 20:00:00 WST 2018
>   Subject Name: CN=callmanager1.voip.ccgs.wa.edu.au, O=Christ Church
> Grammar School, L=Claremont, ST=Western Australia, C=AU
>
> The new tomcat cert is a SAN cert, so maybe I've hit some sort of bug?
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>


Re: [cisco-voip] Phantom tomcat-trust cert

2015-09-29 Thread James Andrewartha
On 15/09/15 22:34, Brian Meade wrote:
> Stop the certificate change notification service on all nodes and then
> delete all the old tomcat-trust certs.  You can then restart the service
> and they shouldn't come back.

This worked for most of them, but there's still one that is propagating
from the publisher to IM for the publisher tomcat-trust:

On presence, this is the one that comes back if I delete it:

admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
[
  Version: V3
  Serial Number: 39A72D2638CD12B5
  SignatureAlgorithm: SHA1withRSA (1.2.840.113549.1.1.5)
  Issuer Name: C=AU, ST=Western Australia, L=Queenslea Drive, Claremont,
O=Christ Church Grammar School, OU=ICT Services,
CN=callmanager1.voip.ccgs.wa.edu.au
  Validity From: Thu Sep 23 09:49:29 WST 2010
   To:   Wed Sep 23 09:49:29 WST 2015
  Subject Name: C=AU, ST=Western Australia, L=Queenslea Drive,
Claremont, O=Christ Church Grammar School, OU=ICT Services,
CN=callmanager1.voip.ccgs.wa.edu.au


On callmanager1:

admin:show cert trust tomcat-trust/callmanager1.voip.ccgs.wa.edu.au.pem
[
  Version: V3
  Serial Number: B231C6ACDB211AEE6C18BDC8700A0EE
  SignatureAlgorithm: SHA256withRSA (1.2.840.113549.1.1.11)
  Issuer Name: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  Validity From: Wed Apr 08 08:00:00 WST 2015
   To:   Wed Jun 13 20:00:00 WST 2018
  Subject Name: CN=callmanager1.voip.ccgs.wa.edu.au, O=Christ Church
Grammar School, L=Claremont, ST=Western Australia, C=AU

The new tomcat cert is a SAN cert, so maybe I've hit some sort of bug?

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
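
The side-by-side comparison of the two nodes' entries in the message above can be scripted. This is an added example, not part of the original post: it parses the "Label: value" layout shown in the thread's `show cert trust` output (rejoining mail-wrapped lines) and reports why the presence server's entry differs from the publisher's; the function names and finding labels are assumptions.

```python
import re
from datetime import datetime

FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")  # "Label: value" lines

def parse_cert(text):
    """Parse one 'show cert trust' dump, rejoining mail-wrapped field values."""
    cert, key = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            key, cert[m.group(1)] = m.group(1), m.group(2)
        elif key and line.strip():
            cert[key] += " " + line  # continuation of a wrapped field
    return {k: " ".join(v.split()) for k, v in cert.items()}

def parse_when(value):
    # Drop the zone abbreviation (WST here); strptime cannot parse it portably.
    value = re.sub(r" [A-Z]{2,5} (?=\d{4}$)", " ", value)
    return datetime.strptime(value, "%a %b %d %H:%M:%S %Y")

def stale_trust_findings(publisher, subscriber, now):
    """Say why a subscriber's trust entry differs from the publisher's copy."""
    checks = [
        ("serial-mismatch", publisher["Serial Number"] != subscriber["Serial Number"]),
        ("self-issued", subscriber["Issuer Name"] == subscriber["Subject Name"]),
        ("expired", parse_when(subscriber["To"]) < now),
    ]
    return [name for name, hit in checks if hit]

# Field values copied from the two dumps in the thread, wrapping preserved.
PRESENCE = """  Serial Number: 39A72D2638CD12B5
  Issuer Name: C=AU, ST=Western Australia, L=Queenslea Drive, Claremont,
O=Christ Church Grammar School, OU=ICT Services,
CN=callmanager1.voip.ccgs.wa.edu.au
  Validity From: Thu Sep 23 09:49:29 WST 2010
   To:   Wed Sep 23 09:49:29 WST 2015
  Subject Name: C=AU, ST=Western Australia, L=Queenslea Drive,
Claremont, O=Christ Church Grammar School, OU=ICT Services,
CN=callmanager1.voip.ccgs.wa.edu.au"""
PUBLISHER = """  Serial Number: B231C6ACDB211AEE6C18BDC8700A0EE
  Issuer Name: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  Validity From: Wed Apr 08 08:00:00 WST 2015
   To:   Wed Jun 13 20:00:00 WST 2018
  Subject Name: CN=callmanager1.voip.ccgs.wa.edu.au, O=Christ Church
Grammar School, L=Claremont, ST=Western Australia, C=AU"""

print(stale_trust_findings(parse_cert(PUBLISHER), parse_cert(PRESENCE),
                           datetime(2015, 9, 29)))
```

The issuer and subject of the presence entry only compare equal once the differently wrapped lines are rejoined, which is why the parser normalises whitespace before comparing.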


Re: [cisco-voip] Phantom tomcat-trust cert

2015-09-15 Thread Brian Meade
Stop the certificate change notification service on all nodes and then
delete all the old tomcat-trust certs.  You can then restart the service
and they shouldn't come back.

On Tue, Sep 15, 2015 at 1:22 AM, James Andrewartha <
jandrewar...@ccgs.wa.edu.au> wrote:

> Hi list,
>
> Our cluster is nearly 5 years old, so I've done the certificate dance,
> including using Digicert for the tomcat multi-server cert. However, some
> old certs that are about to expire keep appearing as tomcat-trust certs.
> I've deleted them several times, but they keep coming back overnight.
> Even after I rebooted the cluster out of hours they've come back again.
> It's mostly cosmetic, I just keep getting alert emails saying they're
> going to expire. Has anyone seen this before? Running 10.5.2.
>
> Thanks,
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>


[cisco-voip] Phantom tomcat-trust cert

2015-09-14 Thread James Andrewartha
Hi list,

Our cluster is nearly 5 years old, so I've done the certificate dance,
including using Digicert for the tomcat multi-server cert. However, some
old certs that are about to expire keep appearing as tomcat-trust certs.
I've deleted them several times, but they keep coming back overnight.
Even after I rebooted the cluster out of hours they've come back again.
It's mostly cosmetic, I just keep getting alert emails saying they're
going to expire. Has anyone seen this before? Running 10.5.2.

Thanks,

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877