Cisco Bug: CSCuq48738 - UCM tomcat etc, CSR does not contain usage key: CertSign, document does

Last Modified

Feb 06, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

9.0(1.95010.16)

Description (partial)

Symptom:
- The CallManager, tomcat, and ipsec CSRs do not contain the CertSign value in the Key Usage extension. However, our documentation lists it; please reference the following:

Cisco Unified Communications Operating System Administration Guide, Release 10.0(1)
Security
Third-Party CA Certificates
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/10_0_1/CUCM_BK_C2F2626C_00_cucm-os-admin-guide-100/CUCM_BK_C2F2626C_00_cucm-os-admin-guide-100_chapter_0110.html#CUCM_RF_TF4B6BF0_00

quote:
The CSRs for Cisco Unified Communications Manager, Tomcat, and IPsec use the following extensions:
"X509v3 extensions:X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign"

 - The CertSign key usage is only required for the CAPF certificate, as the CAPF will be an intermediate certificate in the certificate chain.

Conditions:
- The documentation typo above appears in all the CUCM Operating System Administration Guides for 9.x and 10.x. Please see the following:
 
Cisco Unified Communications Operating System Administration Guide, Release 9.0(1)
Security
Third-party CA certificates
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/9_0_1/cucos/CUCM_BK_C55421AF_00_cucm-os-admin-guide-90/CUCM_BK_C55421AF_00_cisco-unified-communications-manager-operating_chapter_0110.html#CUCM_RF_TF4B6BF0_00 
 
 - The documentation change started in CUCM 9.x; prior to v9, the CUCM 8.x guide displayed the correct settings. Please see:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/cucos/8_0_1/cucos/osg_801_cm/iptpch6.html#wp1055278

quote:
The CSRs for Cisco Unified Communications Manager, Tomcat, and IPSec use the following extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
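
The difference between the two quoted extension lists is a single bit in the DER-encoded Key Usage BIT STRING. The following is an added example, not Cisco code: it decodes that BIT STRING using the bit positions from RFC 5280 and flags a leaf CSR that requests Certificate Sign. The function names and the two hex values are constructed for illustration and were not captured from a CUCM system.

```python
# Added example: decode the DER BIT STRING inside an X509v3 Key Usage extension.
# Bit names and positions are from RFC 5280, section 4.2.1.3.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Return the set of usage names asserted by a DER-encoded KeyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2 or length < 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(total_bits):
        # Named bit 0 is the most significant bit of the first payload byte.
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit beyond decipherOnly is set")
            names.add(KEY_USAGE_BITS[i])
    return names

def audit_leaf_csr(der: bytes, expected: set) -> dict:
    """Compare a leaf CSR's key usage with the expected set and flag keyCertSign."""
    actual = decode_key_usage(der)
    return {
        "missing": sorted(expected - actual),
        "unexpected": sorted(actual - expected),
        "requests_cert_sign": "keyCertSign" in actual,
    }

# Constructed sample values (not captured from a CUCM system).
# Set quoted from the 8.x guide: no Certificate Sign.
GUIDE_8X = bytes.fromhex("030203b8")
# Set quoted from the 9.x/10.x guides: includes Certificate Sign.
GUIDE_9X_10X = bytes.fromhex("030202bc")
LEAF_EXPECTED = {"digitalSignature", "keyEncipherment",
                 "dataEncipherment", "keyAgreement"}

if __name__ == "__main__":
    for label, der in (("8.x", GUIDE_8X), ("9.x/10.x", GUIDE_9X_10X)):
        print(label, audit_leaf_csr(der, LEAF_EXPECTED))
```
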