Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
Well seemed to work OK thanks for assistance Anthony and Matthew. So this for 9.02 UCCX automatically chained the certificates, socialminer 10.5 required me to specify the root where in the Intermediate host and issuing server came from. I should have added an additional SAN for the IP of the server as Calabrio wants to use the IP for JAVA... Matthew I was talking about internal certificates but chained CA's. People used to just sign with a root but now its common for Root > intermediate and issuing server . See this post https://supportforums.cisco.com/document/30501/cucm-uploading-ccmadmin-web-gui-certificates the extra steps were not required. Thanks Anthony for the link I did it out of hours as I saw CAD but didn't see any affect... PS Anthony I'd love to hear how you went with Presence, I still have a TAC case open for DRS which is preventing me from clustering the server. On Mon, Sep 15, 2014 at 9:58 PM, Matthew Loraditch < mloradi...@heliontechnologies.com> wrote: > I had to upload my root, but it was internal, not sure about public CAs. > > > > > > Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA > > 1965 Greenspring Drive > Timonium, MD 21093 > > direct voice. 443.541.1518 > fax. 410.252.9284 > > Twitter <http://twitter.com/heliontech> | Facebook > <http://www.facebook.com/#!/pages/Helion/252157915296> | Website > <http://www.heliontechnologies.com/> | Email Support > > > Support Phone. 410.252.8830 > > > > > > *From:* Andrew Grech [mailto:agrec...@gmail.com] > *Sent:* Monday, September 15, 2014 7:54 AM > *To:* Matthew Loraditch > *Subject:* RE: [cisco-voip] UCCX tomcat - move to CA signed certificate > Gotya's? > > > > Thanks im actually doing it now on uccx 9.02, it must automatically chain > my CAs? In socialminer 10.5 you have to tell it the root it came from... > > On 15/09/2014 9:51 PM, "Matthew Loraditch" < > mloradi...@heliontechnologies.com> wrote: > > The only gotcha I can think of is, if you are on newer versions even > though it’s one cert you have to restart Tomcat, CUIC and Finesse, if you > are using it, as they all run as separate instances. > > > > HTH > > > > > > Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA > > 1965 Greenspring Drive > Timonium, MD 21093 > > direct voice. 443.541.1518 > fax. 410.252.9284 > > Twitter <http://twitter.com/heliontech> | Facebook > <http://www.facebook.com/#!/pages/Helion/252157915296> | Website > <http://www.heliontechnologies.com/> | Email Support > > > Support Phone. 410.252.8830 > > > > > > *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf > Of *Anthony Holloway > *Sent:* Sunday, September 14, 2014 10:12 PM > *To:* Andrew Grech > *Cc:* Cisco VoIP Group > *Subject:* Re: [cisco-voip] UCCX tomcat - move to CA signed certificate > Gotya's? > > > > Andrew, > > > > Check out the port utilization guide to figure out what tomcat is > responsible for. > > > > > http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf > > On Sunday, September 14, 2014, Andrew Grech wrote: > > I'm going to signing my UCCX tomcat certificate with a internal trusted > root authority this week and restarting the Tomcat service. Can anyone > think of any issues this may cause for logged in agents or the contact > center general? > > > > This is going to be done for the socialminer agent desktop page. > > > > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
I had to upload my root, but it was internal, not sure about public CAs. Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA 1965 Greenspring Drive Timonium, MD 21093 direct voice. 443.541.1518 fax. 410.252.9284 Twitter<http://twitter.com/heliontech> | Facebook<http://www.facebook.com/#!/pages/Helion/252157915296> | Website<http://www.heliontechnologies.com/> | Email Support<mailto:supp...@heliontechnologies.com?subject=Technical%20Support%20Request> Support Phone. 410.252.8830 From: Andrew Grech [mailto:agrec...@gmail.com] Sent: Monday, September 15, 2014 7:54 AM To: Matthew Loraditch Subject: RE: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's? Thanks im actually doing it now on uccx 9.02, it must automatically chain my CAs? In socialminer 10.5 you have to tell it the root it came from... On 15/09/2014 9:51 PM, "Matthew Loraditch" mailto:mloradi...@heliontechnologies.com>> wrote: The only gotcha I can think of is, if you are on newer versions even though it’s one cert you have to restart Tomcat, CUIC and Finesse, if you are using it, as they all run as separate instances. HTH Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA 1965 Greenspring Drive Timonium, MD 21093 direct voice. 443.541.1518 fax. 410.252.9284 Twitter<http://twitter.com/heliontech> | Facebook<http://www.facebook.com/#!/pages/Helion/252157915296> | Website<http://www.heliontechnologies.com/> | Email Support<mailto:supp...@heliontechnologies.com?subject=Technical%20Support%20Request> Support Phone. 410.252.8830 From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>] On Behalf Of Anthony Holloway Sent: Sunday, September 14, 2014 10:12 PM To: Andrew Grech Cc: Cisco VoIP Group Subject: Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's? Andrew, Check out the port utilization guide to figure out what tomcat is responsible for. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf On Sunday, September 14, 2014, Andrew Grech mailto:agrec...@gmail.com>> wrote: I'm going to signing my UCCX tomcat certificate with a internal trusted root authority this week and restarting the Tomcat service. Can anyone think of any issues this may cause for logged in agents or the contact center general? This is going to be done for the socialminer agent desktop page. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
The only gotcha I can think of is, if you are on newer versions even though it’s one cert you have to restart Tomcat, CUIC and Finesse, if you are using it, as they all run as separate instances. HTH Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA 1965 Greenspring Drive Timonium, MD 21093 direct voice. 443.541.1518 fax. 410.252.9284 Twitter<http://twitter.com/heliontech> | Facebook<http://www.facebook.com/#!/pages/Helion/252157915296> | Website<http://www.heliontechnologies.com/> | Email Support<mailto:supp...@heliontechnologies.com?subject=Technical%20Support%20Request> Support Phone. 410.252.8830 From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Anthony Holloway Sent: Sunday, September 14, 2014 10:12 PM To: Andrew Grech Cc: Cisco VoIP Group Subject: Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's? Andrew, Check out the port utilization guide to figure out what tomcat is responsible for. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf On Sunday, September 14, 2014, Andrew Grech mailto:agrec...@gmail.com>> wrote: I'm going to signing my UCCX tomcat certificate with a internal trusted root authority this week and restarting the Tomcat service. Can anyone think of any issues this may cause for logged in agents or the contact center general? This is going to be done for the socialminer agent desktop page. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
Andrew, Check out the port utilization guide to figure out what tomcat is responsible for. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf On Sunday, September 14, 2014, Andrew Grech wrote: > I'm going to signing my UCCX tomcat certificate with a internal trusted > root authority this week and restarting the Tomcat service. Can anyone > think of any issues this may cause for logged in agents or the contact > center general? > > This is going to be done for the socialminer agent desktop page. > > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
Nothing I can think of off hand but I am interested in how this works out for you On Sun, Sep 14, 2014 at 8:28 AM, Andrew Grech wrote: > I'm going to signing my UCCX tomcat certificate with a internal trusted > root authority this week and restarting the Tomcat service. Can anyone > think of any issues this may cause for logged in agents or the contact > center general? > > This is going to be done for the socialminer agent desktop page. > > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > -- Ed Leatherman ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] UCCX tomcat - move to CA signed certificate Gotya's?
I'm going to signing my UCCX tomcat certificate with a internal trusted root authority this week and restarting the Tomcat service. Can anyone think of any issues this may cause for logged in agents or the contact center general? This is going to be done for the socialminer agent desktop page. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip