Cisco Bug: CSCvs73592 - [Doc] SIP OAuth Mode for MRA - Tomcat trust used for 5091 MRA port

Last Modified

Jan 21, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

12.5(1.11900.146)

Description (partial)

Symptom:
The SIP OAuth Mode for MRA feature configuration guide should mention that the "tomcat" certificate and the "tomcat-trust" store are used for the "SIP Mobile and Remote Access OAuth Port", which defaults to 5091.

Background:
Port 5091 is used for SIP OAuth mode over MRA. The CallManager process listens on this port. mTLS is used: UCM sends its Tomcat certificate, which must be verified by EXP-C, and the EXP-C certificate is verified on UCM against the tomcat-trust store.

SIP OAuth Mode for UCM 12.5.1 & 12.5.1 SU1
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_5_1/featureConfig/cucm_b_feature-configuration-guide-1251/cucm_b_feature-configuration-guide-1251_chapter_0110100.html

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_5_1SU1/cucm_b_feature-configuration-guide-for-cisco1251SU1/cucm_b_feature-configuration-guide-for-cisco1251SU1_chapter_0110100.html

The customer needs to take extra steps to upload the Exp-C certificate into the CUCM tomcat-trust store in either of these cases:
- The EXP-C and UCM Tomcat certificates are not signed by the same CA certificate
- The UCM Tomcat certificate is not CA-signed at all
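
The script below is an added example, not part of the Cisco bug record or any Cisco tooling: it checks both directions of the mTLS exchange on port 5091 offline with `openssl`, and reports when the Exp-C certificate would not verify against tomcat-trust. The function names and the four PEM file arguments are assumptions, standing for exports an administrator has made from UCM and Exp-C.

```shell
#!/bin/sh
# Added example: offline pre-check for mTLS on the SIP MRA OAuth port (5091).
# All file arguments are assumed PEM exports; none of this is Cisco code.

# chain_ok TRUST_BUNDLE CERT
# Succeeds only when CERT chains to a certificate in TRUST_BUNDLE.
# -no-CApath keeps the OS default CA directory out of the decision.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# is_self_signed CERT
# Succeeds when subject and issuer match and CERT verifies against itself,
# i.e. the "not CA-signed at all" case.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] && chain_ok "$1" "$1"
}

# mra_trust_report TOMCAT_CERT TOMCAT_TRUST_BUNDLE EXPC_CERT EXPC_TRUST_BUNDLE
# Returns 0 when both sides of the handshake would verify, 1 otherwise.
mra_trust_report() {
    rc=0
    if is_self_signed "$1"; then
        echo "UCM tomcat certificate is self-signed"
    fi
    # Direction 1: UCM verifies the Exp-C certificate against tomcat-trust.
    if chain_ok "$2" "$3"; then
        echo "UCM side: Exp-C certificate verifies against tomcat-trust"
    else
        echo "UCM side: upload the Exp-C certificate to tomcat-trust"
        rc=1
    fi
    # Direction 2: Exp-C verifies the UCM tomcat certificate.
    if chain_ok "$4" "$1"; then
        echo "Exp-C side: UCM tomcat certificate verifies"
    else
        echo "Exp-C side: UCM tomcat certificate does not verify"
        rc=1
    fi
    return "$rc"
}

# Run the report only when the four files are given on the command line.
if [ "$#" -eq 4 ]; then
    mra_trust_report "$@"
fi
```
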

Conditions:
UCM 12.5.1 and 12.5.1 SU1 with SIP OAuth mode configured over MRA