Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

CM Certificates

CM Certificates

CM Certificates

Why do we have some default certificate in CM Weblogin-->Security-->Trusted certificates Tab?? What are these for. I also notice at some other site having a system manager CA certificate, whats that for.

Sorry if i am asking basic questions.

RE: CM Certificates

The Certificates are used for TLS, when integrating the various servers you add certificates, so you would add the System Manager CA Cert and also replace the server ID cert with one issued by the SMGR (This is of course as long as you are using the SMGR as your CA). When two peers trust the same Certificate issued by the CA they will trust each other so SM and CM can talk TLS. You would also remove the demo cert sip_product_root.crt while you are completing this process as its not advised to use it in production.

RE: CM Certificates

I asked because i found SNGR CA certificate beside the default certificate Trusted certificate TAB. I uninstalled that SMGR certificate as it was installed by a tech 4 months ago. After uninstalling the SMGR CA certificate i lost the duplex and ESS file Sync. When i ran save tr a or save tr ess i got error that Server cannot be access and error code showing is zero.
Can somebody guide how to restore file sync between duplex and ESS server?
In CM web access i checked the status of the server and it is showing ok. But save tr is not working.

RE: CM Certificates

put the cert back, in System Manager under Services/sercutity/certificates/Authority click on the CA Structure & CRLs, Download the PEM file. You should end up with "SystemManagerCA.cacert.pem" in your downloads folder, web browse the CM, under Server Maintenance go to Miscellaneous/Download Files, select check box for files to download from the machine I'm using and click on choose file, select the .pem file and select download. When it finishes go to Security/Trusted Certificates, click add and enter "SystemManagerCA.cacert.pem" in the box, give it a name (SMGRCERT is popular), tick all trusted repositories, click add.

Try the sync again.

RE: CM Certificates

Hi PAL thanks for the help. I have installed the SMGRCERT successfully. Need help regarding SYNC. Should i use CM web and SYNC option??? does this synching the server effect the telephone services??

RE: CM Certificates

just go back to cli and do a "sav tr ess" should work

RE: CM Certificates

Tried using ASA but still the same error. When i putty Active and Standby server i found the SMGRCERT in <cert> directory in Active server but it is missing in Standby server. Is it Sync necessary? or does it is service effecting

RE: CM Certificates

if it doesn't go across just do it manually in the second server using same process as before

RE: CM Certificates

When you add a new CM server you do 2 certs the main CA in Trusted cert's (common to all CM's) and a TLS Endpoint in Server/Application Certs (Individual to each CM).

RE: CM Certificates

Thanks very much Bro, Save tr a and save tr ess now shows no error.
Thanks again all.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close