Hi Ryan, Both Expressway servers are signed by the internal CA. I have uploaded the root and intermediate certificates, too. But I am renewing the certificates on an existing cluster, and whoever instelled it, they manually added the ExpC certs into tomcat-trust.
So, I understand that it would be safe to remove the ExpC certs from tomcat-trust and everything would be working fine? What about the use the cluster name/don´t use the cluster name contradiction? Thanks, Ariel. De: Ryan Huff <[email protected]> Enviado el: lunes, 14 de octubre de 2019 18:14 Para: ROZA, Ariel <[email protected]> CC: cisco-voip ([email protected]) <[email protected]> Asunto: Re: [cisco-voip] Expressway cluster certificates. Are the expressway-C server using self-signed certificates (I doubt it because you said they are multi-san)? Generally, CUCM doesn’t need to trust the identity certificate (unless it is self signed). In all other cases, CUCM needs to trust the certificate authority the signed the expressway-c certificates. If for example, GoDaddy signed the SSL certificates for the Expressway-C, CUCM just needs to trust the GoDaddy certificate authority chain. Sent from my iPhone
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
