Yes that's what I've found, but that's basically telling me to build a whole new CA. Which is not hard in and of itself, it's the implications of having multiple Cas and/or migrating all of the other certs. Trying to avoid overcomplicating things when I have zero need for that kind of encryption.
From: NateCCIE [mailto:natec...@gmail.com] Sent: Sunday, October 23, 2016 12:40 PM To: Matthew Loraditch <mloradi...@heliontechnologies.com>; 'Ryan Huff' <ryanh...@outlook.com> Cc: cisco-voip@puck.nether.net Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues Not much of a windows guy anymore, (MCSE Windows 2000), but this looks pretty easy, but I imagine it's under the control of some other person/group. https://technet.microsoft.com/en-us/library/ff829847(v=ws.10).aspx -Nate From: Matthew Loraditch [mailto:mloradi...@heliontechnologies.com] Sent: Sunday, October 23, 2016 9:16 AM To: NateCCIE <natec...@gmail.com<mailto:natec...@gmail.com>>; 'Ryan Huff' <ryanh...@outlook.com<mailto:ryanh...@outlook.com>> Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues We use our AD CA for the certs and setting that up to do EC certs is not a tiny bit of work. Everything I've read basically indicated I have to rebuild the thing from scratch. The Cert Management page indicates I can actually turn them off in Enterprise Parameters... but that's not exposed in UCCX. I'll probably be just using GPO to push the self signed certs to my agent's PCs for now. From: NateCCIE [mailto:natec...@gmail.com] Sent: Sunday, October 23, 2016 11:04 AM To: Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>>; 'Ryan Huff' <ryanh...@outlook.com<mailto:ryanh...@outlook.com>> Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues http://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/200651-UCCX-Version-11-5-Prerelease-Field-Commu.html All of the 11.5 stuff seems to have the ecdsa certs. Digicert issues them just fine on their wildcard cert. From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Matthew Loraditch Sent: Saturday, October 22, 2016 11:00 PM To: Ryan Huff <ryanh...@outlook.com<mailto:ryanh...@outlook.com>> Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues Thanks. After another reboot. I've got admin pages on the primary. Also some finesse service is running on yet another port (12015) and giving me elliptic curve certs... Need to figure out how to disable them. TAC and Football tomorrow! From: Ryan Huff [mailto:ryanh...@outlook.com] Sent: Saturday, October 22, 2016 11:16 AM To: Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>> Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues There is an ES for 11.5 FYI; not sure if any of your upgrade issues are covered in the ES ... but TAC may lead you down that path. Sent from my iPhone On Oct 22, 2016, at 11:09 AM, Matthew Loraditch <mloradi...@heliontechnologies.com<mailto:mloradi...@heliontechnologies.com>> wrote: So I did one of these last night, just a few issues.. 1) None of the admin webpage services will start on the primary server. Tomcat logs don't show anything I understand or look like obvious errors. 2) Can't login to CUIC or the new Identity services with any combination of usernames I've tried. Just plain usernames, the built in admin account, CCX\username, etc. I've combed documentation for #2, but I'm either missing something or it doesn't exist. I read the SSO guide for identity services, but it skips over the login to it this way section and the configuration guide doesn't seem to mention it... DB Replication is good for both databases CCX and the platform DBs. CCX is operating, agents can login and queues are working correctly. I'll be calling TAC tomorrow, but if anyone has any insights or bug IDs that may save me time, I'd appreciate it. -Matthew _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
