Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CUCM 8.6 Certificate bit size <2048 1

Status
Not open for further replies.
Williamsjl

Williamsjl

Technical User
Mar 26, 2014
6
US
I recently came to a site that recently upgraded from CUCM 7.1 to 8.6. During a retina scan, one finding was SSL Weakness, Certificate bits < 2048. I looked at the tomcat cert and found it was 1024. All documention shows that 8.6 Certs by default are 2048 and not adjustable. Does anyone know if generating a new tomcat cert will replace the 1024 cert with one that is 2048? I cant find any documention supporting this. If so, that shouldnt be service affecting to the phones, correct? Thanks
 
Sort by date Sort by votes
You should be able to regenerate the tomcat cert for 2048 unless you are running into a defect. No phone outages should be expected from this, you need to restart tomcat service however.
 
Upvote 0 Downvote
Thanks whykap. I appreciate it. Always good to get another opinion on things. I should do this on each server that showed up, not just the PUB, correct?
 
Upvote 0 Downvote
So i regenerated the tomcat self signed cert on each server and it did indeed come up as 2048. I also restarted the tomcat service on each pub/sub. Today I started to notice that phones that were registered where showing as unknown when looking up phones but when I searched for them on RTMT I could see the correct information. When I check the database replication, I'm showing all 2s, but then it acts like it can't see the three subs that the tomcat cert was also regenerated on. Any advice you could give would be great. Thanks
 
Upvote 0 Downvote
If you make a change on a phone is it reflected on the phone?
Change the line text label on one and see what happens.

Do all registered phones show as unknown? What if you log in the sub they are registered with?
Do they still show as unknown?

 
Upvote 0 Downvote
Database replication appears to be working fine. I can still make changes to devices and they reflect on the phones. If I log into a subscriber, I can see the registered status, even if a phone is registered to a seperate subscriber. Its just the publisher that isnt showing the correct info.
 
Upvote 0 Downvote
I restarted the RIS service on the PUB and that seemed to fix my issue. Thank you for all of your help. I truly appreciate you taking time out of your day for this.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

homemade88
  • Locked
  • Question
&quot;Callwithus&quot; Setup CUCM
Replies
1
Views
159
gnrslash4life
gnrslash4life
Diya Freahat
  • Locked
  • Question
called name between avaya I P office &amp; CUCM via SIP trunk
Replies
1
Views
192
Diya Freahat
Diya Freahat
jrothwell
  • Locked
  • Question
CMBE5000 / CUCM and Unity 8.6.2 licensing
Replies
0
Views
124
jrothwell
jrothwell
Judahbenhur69
  • Locked
  • Question
CUCM 12.5 to Ver 14
Replies
0
Views
152
Judahbenhur69
Judahbenhur69
Scparks
  • Locked
  • Question
CUCM Transfer key
Replies
1
Views
135
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top