PDF(224.5 KB) View with Adobe Reader on a variety of devices
ePub(280.0 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(258.8 KB) View on Kindle device or Kindle app on multiple devices
Updated:October 27, 2020
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to set up a Cisco Voice Operating System (CVOS) system cluster with the use of a Certificate Authority (CA)-Signed Multi-Server Subject Alternate Name (SAN).
CVOS system covers CUIC, Finesse, Livedata, IdS and VVB systems in UCCE environment.
With Multi-Server SAN certificates, only one CSR is required to be signed by CA for one cluster of nodes, rather than the requirement to obtain a CSR from each server node of the cluster and then obtain a CA-signed certificate for each CSR and manage them individually.
Edited by Randy Wu, Cisco TAC Engineers, and contributed by Venu Gopal Sane, Cisco Engineer.
Before you attempt this configuration, ensure these services are up and functional:
Cisco Tomcat service
Cisco Certificate Change Notification
Cisco Certificate Expiry Monitor
Cisco recommends that you have knowledge of these topics:
Cisco Unified Contact Center Enterprise (UCCE) Release 12.5
Cisco Package Contact Center Enterprise (PCCE) Release 12.5
Cisco Virtualized Voice Browser (CVVB) 12.5
Cisco Finesse 12.5
Cisco Unified Intelligence Center 12.5
CVOS Operating System administration - Certificate Management
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Step1. Log into Operating System (OS) Administration and navigate toSecurity > Certificate Management > Generate CSR
Step2. Select Multi-Server SAN in Distribution
It auto populates the SAN domains and the parent domain.
Step3. Successful generation of CSR shows below message
Step4. Upon successful generation of CSR, generated CSR can be seen like below, which can be downloaded to sent to CA for sigining
Step5. Upload the CA signed certificate as type tomcat into the Publisher node of the cluster in certificate management page and follow the instructions displayed upon successful upload
Step6. After successful file uploaded, verify the certificate list showing new CA-signed certificate as type multi-SAN
Click on the new multi-SAN certificate, verify SubjectAltNames shows Domain Name and FQDNs of all cluster node(s)
Login to cmplatform page of Subscriber nodes and verify same multi-SAN certificate is populated using http://<any-node-fqdn>:8443/cmplatform
Collect the following certificate management logs from CLI access and open the case with Cisco TAC: