Mailing List Archive

Certificate issue and I am rubbish at certificates. (full disclosure)
On our Unity Connection server the certificates for Tomcat and Tomcat trust
expired over the weekend, my oversight. I regenerated the certificates and
both are now year 2028 expiry date. But we still get the same error if
someone is trying to access their inbox (https://server/inbox/) (error is
You cannot visit server right now because the website uses HSTS)

I noticed that there is a CallManager-Trust certificate that expired on the
same day as the Tomcat certs. The CallManager-Trust certificate is issued
by the CA (CA signed) but when I go to Generate a CSR I don't have the
option to choose CallManager-Trust or Trust. I have Tomcat, Tomcat ecdsa
or ipsec. The common name for the expired CallManager-Trust certificate is
the UnityConnection server that users cannot get to. Little confused as
to where this CallManager Trust certificate can be generated from.

Thank you

Terry

Re: Certificate issue and I am rubbish at certificates. (full disclosure)
It sounds like something is different between the old and new certs (besides the dates). As far as clients accessing Unity via a browser, the callmanager-trust certs are not involved. I'm not even sure they are used at all on a Unity server. I've never touched them.

I would take a look at the old and new certs and make sure the subject and SAN fields are all the same. There can be a lot of reasons for cert errors and the errors are all similar and hard to diagnose without access to the browser throwing the error, but that's the first thing I would check.



Matthew Loraditch
Sr. Network Engineer
direct: 443.541.1518
e: MLoraditch@heliontechnologies.com
www.heliontechnologies.com
From: cisco-voip <cisco-voip-bounces@puck.nether.net> On Behalf Of Terry Oakley
Sent: Wednesday, May 24, 2023 11:35 AM
To: 'voip puck' <cisco-voip@puck.nether.net>
Subject: [cisco-voip] Certificate issue and I am rubbish at certificates. (full disclosure)

On our Unity Connection server the certificates for Tomcat and Tomcat trust expired over the weekend, my oversight. I regenerated the certificates and both are now year 2028 expiry date. But we still get the same error if someone is trying to access their inbox (https://server/inbox/) (error is You cannot visit server right now because the website uses HSTS)

I noticed that there is a CallManager-Trust certificate that expired on the same day as the Tomcat certs. The CallManager-Trust certificate is issued by the CA (CA signed) but when I go to Generate a CSR I don't have the option to choose CallManager-Trust or Trust. I have Tomcat, Tomcat ecdsa or ipsec. The common name for the expired CallManager-Trust certificate is the UnityConnection server that users cannot get to. Little confused as to where this CallManager Trust certificate can be generated from.


Thank you

Terry
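
The subject and SAN comparison suggested in the reply, written out as an added example that is not part of the thread and not Cisco tooling. It reports a changed subject or SAN list and checks that the name users type in the browser is still covered by the new certificate's SAN, since a browser enforcing HSTS offers no click-through for a name mismatch. The PEM file arguments, the `example.test` hostnames and the `make_demo_cert` helper are assumptions for illustration.

```shell
#!/bin/sh
# Requires OpenSSL 1.1.1 or later (x509 -ext, req -addext).

# Subject DN on one line.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# DNS and IP SAN entries, lowercased, one per line, sorted.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -E -n 's/^ *(DNS|IP Address):([^ ]*) *$/\2/p' |
    tr 'A-Z' 'a-z' | sort -u
}

# Succeeds if the name typed in the browser is covered by a SAN entry.
# Browsers ignore the subject CN; a wildcard covers one left-most label only.
host_in_sans() {  # usage: host_in_sans cert.pem hostname
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  while IFS= read -r san; do
    [ "$san" = "$want" ] && return 0
    case "$san" in
      '*.'*) [ "$want" != "${want#*.}" ] && [ "${want#*.}" = "${san#\*.}" ] && return 0 ;;
    esac
  done <<EOF
$(cert_sans "$1")
EOF
  return 1
}

# Report every difference; exit status is 0 only if nothing is wrong.
compare_certs() {  # usage: compare_certs old.pem new.pem hostname
  rc=0
  [ "$(cert_subject "$1")" = "$(cert_subject "$2")" ] ||
    { echo "subject changed: $(cert_subject "$1") -> $(cert_subject "$2")"; rc=1; }
  [ "$(cert_sans "$1")" = "$(cert_sans "$2")" ] ||
    { echo "SAN list changed; new cert has: $(cert_sans "$2" | tr '\n' ' ')"; rc=1; }
  host_in_sans "$2" "$3" || { echo "new cert SAN does not cover $3"; rc=1; }
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
    { echo "new cert is already expired"; rc=1; }
  return "$rc"
}

# Constructed sample input: a throwaway self-signed cert with the given CN and SAN.
make_demo_cert() {  # usage: make_demo_cert out.pem CN "DNS:a,DNS:b"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$1" \
    -days 1 -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

if [ "$#" -eq 3 ]; then compare_certs "$@"; fi
```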