Certificates for Cloud Connection
For on-premises deployments, you must obtain and upload certificates manually if you choose not to have Cisco manage cloud certificates automatically, or if a new certificate requirement is added that was not included in your system installation file. In these instances, you will have to download certificates manually from the CA site and upload them to Unified Communications Manager and IM and Presence Service. To choose this option, uncheck the I want Cisco to manage the Cisco Cloud Service CA Certificates required for this trust check box in the Cloud Onboarding Configuration window in Unified Communications Manager.
Root Certificates for Cloud Connection
Refer to the below table for the root certificates that you must obtain if you are uploading certificates manually. For details on how to upload certificates to Unified Communications Manager and IM and Presence Service, refer to the "Certificates" sections in the Security Guide for Cisco Unified Communications Manager. Make sure to select tomcat-trust as the Certificate Purpose.
Cloud hosts signed by this CA |
Must be trusted by |
For this purpose |
Issuing CA |
Fingerprint (Thumbprint) in SHA256 |
---|---|---|---|---|
Common Identity (CI) service |
Unified Communications Manager and IM and Presence Service |
|
O = IdenTrust |
5D 56 49 9B E4 D2 E0 8B CF CA D0 8A 3E 38 72 3D 50 50 3B DE 70 69 48 E4 2F 55 60 30 19 E5 28 AE |
Cisco Webex |
Cisco Unified Communications Manager andIM and Presence Service |
Unified Communications Manager communicates with Fusion Onboarding Service (FOS) to provision CI machine account. |
O = The Go Daddy Group, Inc. |
C3 84 6B F2 4B 9E 93 CA 64 27 4C 0E C6 7C 1E CC 5E 02 4F FC AC D2 D7 40 19 35 0E 81 FE 54 6A E4 |
Scenarios Where Cloud Certificates can be Uploaded Automatically
The following table shows whether onboarding will be successful with the I want Cisco to manage the Cisco Cloud Service CA certificates required for this trust check box selected in the Cisco Cloud Onboarding Configuration window, or whether certificates need to be uploaded manually for onboarding to be successful.
Scenario |
Installation iso file included the required certificates? |
You have chosen to have Cisco manage certificate requirements |
Onboarding is Successful? |
---|---|---|---|
Onboarding for first time |
Yes |
Yes |
Yes |
Onboarding for first time |
No. The certificate requirements changed sometime after the installation iso was created |
Yes |
No. You must obtain and upload the new certificates manually. See the preceding table "Root Certificates for Cloud Connection". |
You are already onboarded, but now a new certificate requirement has arisen |
Your installation will not include the required certificates |
Yes |
Yes. The system can fetch and install new certificates automatically. |