Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CM Certificates

Status
Not open for further replies.

msk69

MIS
May 29, 2020
335
PK
Why do we have some default certificate in CM Weblogin-->Security-->Trusted certificates Tab?? What are these for. I also notice at some other site having a system manager CA certificate, whats that for.

Sorry if i am asking basic questions.
 
The Certificates are used for TLS, when integrating the various servers you add certificates, so you would add the System Manager CA Cert and also replace the server ID cert with one issued by the SMGR (This is of course as long as you are using the SMGR as your CA). When two peers trust the same Certificate issued by the CA they will trust each other so SM and CM can talk TLS. You would also remove the demo cert sip_product_root.crt while you are completing this process as its not advised to use it in production.
 
I asked because i found SNGR CA certificate beside the default certificate Trusted certificate TAB. I uninstalled that SMGR certificate as it was installed by a tech 4 months ago. After uninstalling the SMGR CA certificate i lost the duplex and ESS file Sync. When i ran save tr a or save tr ess i got error that Server cannot be access and error code showing is zero.
Can somebody guide how to restore file sync between duplex and ESS server?
In CM web access i checked the status of the server and it is showing ok. But save tr is not working.
 
put the cert back, in System Manager under Services/sercutity/certificates/Authority click on the CA Structure & CRLs, Download the PEM file. You should end up with "SystemManagerCA.cacert.pem" in your downloads folder, web browse the CM, under Server Maintenance go to Miscellaneous/Download Files, select check box for files to download from the machine I'm using and click on choose file, select the .pem file and select download. When it finishes go to Security/Trusted Certificates, click add and enter "SystemManagerCA.cacert.pem" in the box, give it a name (SMGRCERT is popular), tick all trusted repositories, click add.

Try the sync again.
 
Hi PAL thanks for the help. I have installed the SMGRCERT successfully. Need help regarding SYNC. Should i use CM web and SYNC option??? does this synching the server effect the telephone services??
 
Tried using ASA but still the same error. When i putty Active and Standby server i found the SMGRCERT in <cert> directory in Active server but it is missing in Standby server. Is it Sync necessary? or does it is service effecting
 
if it doesn't go across just do it manually in the second server using same process as before
 
When you add a new CM server you do 2 certs the main CA in Trusted cert's (common to all CM's) and a TLS Endpoint in Server/Application Certs (Individual to each CM).
 
Thanks very much Bro, Save tr a and save tr ess now shows no error.
Thanks again all.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top