Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CM Certificates

Status
Not open for further replies.
msk69

msk69

MIS
Joined
May 29, 2020
Messages
335
Location
PK
Why do we have some default certificate in CM Weblogin-->Security-->Trusted certificates Tab?? What are these for. I also notice at some other site having a system manager CA certificate, whats that for.

Sorry if i am asking basic questions.
 
Sort by date Sort by votes
The Certificates are used for TLS, when integrating the various servers you add certificates, so you would add the System Manager CA Cert and also replace the server ID cert with one issued by the SMGR (This is of course as long as you are using the SMGR as your CA). When two peers trust the same Certificate issued by the CA they will trust each other so SM and CM can talk TLS. You would also remove the demo cert sip_product_root.crt while you are completing this process as its not advised to use it in production.
 
Upvote 0 Downvote
I asked because i found SNGR CA certificate beside the default certificate Trusted certificate TAB. I uninstalled that SMGR certificate as it was installed by a tech 4 months ago. After uninstalling the SMGR CA certificate i lost the duplex and ESS file Sync. When i ran save tr a or save tr ess i got error that Server cannot be access and error code showing is zero.
Can somebody guide how to restore file sync between duplex and ESS server?
In CM web access i checked the status of the server and it is showing ok. But save tr is not working.
 
Upvote 0 Downvote
put the cert back, in System Manager under Services/sercutity/certificates/Authority click on the CA Structure & CRLs, Download the PEM file. You should end up with "SystemManagerCA.cacert.pem" in your downloads folder, web browse the CM, under Server Maintenance go to Miscellaneous/Download Files, select check box for files to download from the machine I'm using and click on choose file, select the .pem file and select download. When it finishes go to Security/Trusted Certificates, click add and enter "SystemManagerCA.cacert.pem" in the box, give it a name (SMGRCERT is popular), tick all trusted repositories, click add.

Try the sync again.
 
Upvote 0 Downvote
Hi PAL thanks for the help. I have installed the SMGRCERT successfully. Need help regarding SYNC. Should i use CM web and SYNC option??? does this synching the server effect the telephone services??
 
Upvote 0 Downvote
just go back to cli and do a "sav tr ess" should work
 
Upvote 0 Downvote
Tried using ASA but still the same error. When i putty Active and Standby server i found the SMGRCERT in <cert> directory in Active server but it is missing in Standby server. Is it Sync necessary? or does it is service effecting
 
Upvote 0 Downvote
if it doesn't go across just do it manually in the second server using same process as before
 
Upvote 0 Downvote
When you add a new CM server you do 2 certs the main CA in Trusted cert's (common to all CM's) and a TLS Endpoint in Server/Application Certs (Individual to each CM).
 
Upvote 0 Downvote
Thanks very much Bro, Save tr a and save tr ess now shows no error.
Thanks again all.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

phoneguy55
  • Locked
  • Question Question
Session Manager Identity Certificates
Replies
3
Views
738
kyle555
kyle555
M
  • Question Question
Avaya CM Vetor Queueing questions
Replies
1
Views
240
Pawell88
Pawell88
twlcolorado
  • Locked
  • Question Question
CM Coverage Issue
Replies
9
Views
973
twlcolorado
twlcolorado
Craft01
  • Locked
  • Question Question
CM Duplex with ESS
Replies
6
Views
1K
mattKnight
mattKnight
hcmbmt
  • Locked
  • Question Question
SMGR and CM sync but change no update
Replies
3
Views
620
hcmbmt
hcmbmt

Part and Inventory Search

Sponsor

Back
Top