So having more certs than need in the Truststore generally wont cause issues,
it’s just one more certificate that can potentially be trusted.
As long as the new certificates are signed by the same internal CA as the one
that is currently in the truststore for CUCM (all nodes), then you
Hi Ryan,
Both Expressway servers are signed by the internal CA. I have uploaded the root
and intermediate certificates, too.
But I am renewing the certificates on an existing cluster, and whoever
instelled it, they manually added the ExpC certs into tomcat-trust.
So, I understand that it would
Are the expressway-C server using self-signed certificates (I doubt it because
you said they are multi-san)?
Generally, CUCM doesn’t need to trust the identity certificate (unless it is
self signed). In all other cases, CUCM needs to trust the certificate authority
the signed the expressway-c
Hi, Guys
I am renewing the certificates in an Expressway X8.10.1 cluster. But I am
running into a conflict between the official documentation and how CUCM works.
I have set both Expressway-C certificates to use the Cluster name for the
Common Name and each server´s name as a SAN, as the
Thanks, I've seen that bug before (and another cisco doc) and that bug
says fixed in 8.11.x which we are on.
All 3 CUCMs are in our SRV records and show active on the Expressway side.
On Mon, Oct 14, 2019 at 12:04 PM Brian Meade wrote:
>
> You're may be hitting this limitation-
>
You're may be hitting this limitation-
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj49486
If not, are all 3 CUCM servers in the _cisco-uds SRV record and resolvable
by the Expressway-C?
On Mon, Oct 14, 2019 at 11:47 AM Erick Bergquist wrote:
> Has anyone seen where 8865 model phones
Has anyone seen where 8865 model phones don't register over MRA in
the UCM group if the some servers are not reachable?
8865s with 12.5.1 SR3 firmware
12.5.1 SU1 CUCM
2 expressway pairs
UCM group order (same as service group),
CCM1
CCM2
CCM3
When CCM1 and CCM2 are unreachable the MRA 8865