The information in this document is based on these software and hardware versions:

Similar documents
Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

SAML-Based SSO Configuration

Unified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration

Certificates for Live Data Standalone

Certificates for Live Data

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Using SSL to Secure Client/Server Connections

Cisco VVB Installation

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

SCCM Plug-in User Guide. Version 3.0

Unity Connection Version 10.5 SAML SSO Configuration Example

Genesys Security Deployment Guide. What You Need

SAML-Based SSO Configuration

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

VMware AirWatch Certificate Authentication for EAS with ADCS

Best Practices for Security Certificates w/ Connect

Install Telepresence Content Server License Key(s)

Unified Communication Cluster Setup with CA Signed Multi Server Subject Alternate Name Configuration Example

Secure ACS for Windows v3.2 With EAP TLS Machine Authentication

Working with Cisco UCS Manager

Configuring Cisco Unified MeetingPlace Web Conferencing Security Features

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

AirWatch Mobile Device Management

Managing Certificates

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Certificate Renewal on Cisco Identity Services Engine Configuration Guide

NBC-IG Installation Guide. Version 7.2

LDAP Directory Integration

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

Set Up Certificate Validation

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Security Certificate Configuration for XMPP Federation

Reference. Base Configuration Updates

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

Create Golden Template

Managing Security Certificates in Cisco Unified Operating System

Mitel MiVoice Connect Security Certificates

Comodo Certificate Manager

Wired Dot1x Version 1.05 Configuration Guide

Post-Installation Tasks

Installing a SSL Server Certificate on Client Access Server

V1.0 Nonkoliseko Ntshebe October 2015 V1.1 Nonkoliseko Ntshebe March 2018

Installing the Cisco Unified MeetingPlace Web Server Software

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

20411D D Enayat Meer

App Orchestration 2.6

Microsoft Dynamics GP Web Client Installation and Administration Guide For Service Pack 1

Software Installations for Components

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Certificate Management in Cisco ISE-PIC

Secure IIS Web Server with SSL

Manage Certificates. Certificates Overview

Setting Up the Server

Microsoft Office Communicator Call Control with Microsoft OCS for IM and Presence Service on Cisco Unified Communications Manager, Release 11.

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface

A certificate request and installation, can be performed by using the following tools:

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Domain Name and Node Name Changes

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Privileged Access Agent on a Remote Desktop Services Gateway

VMware Horizon Client for Chrome Installation and Setup Guide. 15 JUNE 2018 VMware Horizon Client for Chrome 4.8

System Administration

Scenarios for Setting Up SSL Certificates for View. Modified for Horizon VMware Horizon 7 7.3

Configuration Example for Secure SIP Integration Between CUCM and CUC based on Next Generation Encryption (NGE)

Hands-On Lab. Windows Azure Virtual Machine Roles. Lab version: Last updated: 12/14/2010. Page 1

Installing and Configuring vcloud Connector

Configuring Claims-based Authentication for Microsoft Dynamics CRM Server. Last updated: May 2015

Unified CCX Administration Web Interface

Installing and Configuring vcloud Connector

Abstract. Avaya Solution & Interoperability Test Lab

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide

Upgrade from a Standalone Deployment to a Coresident Deployment (Cisco Unified Intelligence Center with Live Data and IdS)

VMware AirWatch Integration with RSA PKI Guide

Configure and Integrate CMS Single Combined

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm

Scenarios for Setting Up SSL Certificates for View. VMware Horizon 6 6.0

Windows Smart Card Logon Use Case

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N Rev 01 July, 2012

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

BlackBerry AtHoc Networked Crisis Communication. Cisco IP Phone Blast NDS Installation Guide

Preupgrade. Preupgrade overview

Planning and Preparation

FireAMP Connector for Mac Diagnostic Data Collection

UCCX Licensing Basics

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Working with Cisco UCS Manager

Evaluation Quick Start Guide Version 10.0 FR1

Troubleshooting Exchange Calendaring Integrations

Installing an SSL certificate on your server

Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection Release 12.x

Active Directory 2000 Plugin Installation for Cisco CallManager

Microsoft Office Communicator Call Control with Microsoft OCS for IM and Presence Service on Cisco Unified Communications Manager, Release 9.

SOA Software Intermediary for Microsoft : Install Guide

Install and Issuing your first Full Feature Operator Card

Cisco Remote Expert Manager Agent s Workstation Setup Guide

Transcription:

Contents Introduction Prerequisites Requirements Components Used Configure Generate Certificate Signed Request Sign the Certificate on the Certificate Authority Install the Certificate Copy the certificate Import the Certificate into the Local Computer Store Bind IIS Certificate Verify Back out plan Troubleshoot Related Articles Introduction This document describes configuration process on how to install CA signed certificate for Unified Contact Center Enterprise (UCCE) Diagnostic Framework Portico tool. Prerequisites Requirements Cisco recommends that you have knowledge of these topics: Active Directory Domain Name System (DNS) server CA infrastructure deployed and working for all servers and client Diagnostic Framework Portico Accessing Diagnostic Framework Portico tool by typing the IP address in the browser without receiving certificate warning is out of scope of this article. Components Used The information in this document is based on these software and hardware versions: Cisco UCCE 11.0.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 R2 Certificate Authority Microsoft Windows 7 SP1 OS The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is

live, make sure that you understand the potential impact of any command. Configure Generate Certificate Signed Request Open Internet Information Services (IIS) Manager, select your site, Peripheral Gateway A (PGA) in the example, and Server Certificates. Select Create Certificate Request in the actions panel.

Enter Common name (CN), Organization (O), Organization unit (OU), Locality (L), State (ST), Country (C) fields. Common name must be the same as your Fully Qualified Domain Name (FQDN) hostname + domain name.

Leave default settings for cryptographic service provider and specify bit length: 2048. Select path where to store. For example on the desktop with pga.csr name. Open newly created request in the notepad.

Copy the certificate into the buffer with CTRL+C. Sign the Certificate on the Certificate Authority Note: If you are using external certificate authority (like GoDaddy) you need to contact them after having CSR file generated. Sign in to your CA server certificate enroll page. https://<ca-server-address>/certsrv Select Request Certificate, Advanced Certificate Request and paste the Certificate Signing Request (CSR) content to the buffer. Then select Certificate Template as Web Server. Download Base 64 encoded certificate.

Open the certificate and copy the content of the thumbprint field for later usage. Remove spaces from the thumbprint. Install the Certificate Copy the certificate Copy the newly generated certificate file into UCCE VM where Portico tool is located. Import the Certificate into the Local Computer Store On the same UCCE server launch Microsoft Management Console (MMC) console by selecting start menu, type run and mmc. Click Add/Remove snap-in and in the dialog box click Add. Then select Certificates menu and add. In the Certificates snap-in dialog box, click Computer Account > Local Computer > Finish. Navigate to the personal certificates folder. In the actions pane select More Actions > All Tasks > Import. Click Next, Browse and select the certificate that was generated previously and in the next menu

ensure that certificate store was set to personal. On the last screen verify Certificate Store and Certificate File selected and click Finish. Bind IIS Certificate Open CMD application. Navigate to Diagnostic Portico home folder. cd c:\icm\serviceability\diagnostics\bin Remove the current certificate binding for Portico tool. DiagFwCertMgr /task:unbindcert Bind CA signed certificate. Tip: Use some text editor (notepad++) to remove spaces in the hash. Use the hash saved before with spaces removed. DiagFwCertMgr /task:bindcertfromstore /certhash:bc6bbe23b8b3a26d8446c252400f9264c5c30a29 In case the certificate is bound successfully you should see the similar line in the output. "The certificate binding is VALID" Ensure that the certificate binding was successful using this command. DiagFwCertMgr /task:validatecertbinding Again similar message should be displayed in the output. "The certificate binding is VALID" Note: DiagFwCertMgr by default will use port 7890. Restart the Diagnostic Framework service. sc stop "diagfwsvc" sc start "diagfwsvc" Tip: Service list and especially Portico service name can be checked via tasklist command in CMD tool. tasklist /v Verify Open Diagnostic Framework page using FQDN and it should not prompt a certificate warning message. Back out plan

In case you lost the access to Portico tool you can regenerate self-signed certificate and add an exception. It can be done using this command. DiagFwCertMgr /task:createandbindcert Troubleshoot Do not use IP address when login to Diagnostic Framework Portico tool. You still receive a certificate warning, because FQDN has to match with the value specified in the certificate CN field. Verify that all the servers are synchronised with the NTP source. w32tm /monitor If you try to use Subject Alternative Name (SAN) or Elliptic Curve Digital Signature Algorithm (EC DSA) or 4096 key length certificate - first isolate that it is not specific to one of these features. Related Articles UCCE\PCCE - Procedure to obtain and upload Windows Server SelfSigned or Certificate Authority (CA) Certificate on 2008 servers Configure CA Signed Certificate via CLI in Cisco Voice Operating System (VOS)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback