Plantronics + Polycom. Now together as Poly Logo

the certificate cma self-signed certificate will expire February 2019

Frequent Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

I created an CSR and the only option that gave me for rsa key was 2048.

Now I got a certificate (again with a 2048 length key) from a local certificate in the organization but I received only one cer file which does not includes the root certificate.

Is this ok?

 

I am asking because you mentioned this

 


@MikeB wrote:

if you are getting your host certificate from a local CA within your domain you will most likely not have any intermediate CA certificates.


 

Message 21 of 82
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

If you weren't issued a CA cert along with the CMA host cert then you will have a problem. If you try to install the host cert the CMA will complain about not being able to validate the issuer. The normal procedure is to install the CA cert first and then the host cert. 

 

Since we are talking about a local domain certificate you probably have the root CA cert installed on your PC. First you would have to look at the host certificate that was issued to you and find the Issuer field. Then in your PC local certificate store go through the Trusted Root Certificate Authorities list and find the cert that matches the Issuer. Right click on that and export it as a Base-64 encoded X.509 file. Upload that .cer file to the CMA then upload the CMA host certificate you were given.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 22 of 82
Frequent Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

Your help is tremendous. Thank you very much.

One last note, if for some reason there is an intermediate CA (or more), the procedure is

1) upload the root certificate

2) upload any intermediate certificates

3) upload host certificate

 

Thank you very much again.

Message 23 of 82
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

That's the order I do them, yes.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 24 of 82
Occasional Advisor

Re: the certificate cma self-signed certificate will expire February 2019

After these steps, there is no access to the local user database. Mistake @0@ ???

Message 25 of 82
Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Hi Mike, when I upload the root-certificate (local domain), I am getting the message that the certificate is invalid and it must be valid before the CMA will be restarted. This is because the certificate has an incomplete trust chain and the certificate has no associated CRL. But the uploaded certificate is recognized as "Trusted root CA". Can I ignore the message? My next steps are to restart the CMA, upload the host-certificate and restart the CMA again. Am I on the right way? Thank you for your help! Markus
Message 26 of 82
Highlighted
Occasional Advisor

Re: the certificate cma self-signed certificate will expire February 2019

"Hi Mike, when I upload the root-certificate (local domain), I am getting the message that the certificate is invalid and it must be valid before the CMA will be restarted. This is because the certificate has an incomplete trust chain and the certificate has no associated CRL. But the uploaded certificate is recognized as "Trusted root CA". Can I ignore the message? My next steps are to restart the CMA, upload the host-certificate and restart the CMA again. Am I on the right way? Thank you for your help! Markus"

 

After these actions and reboot, the local user base disappeared. But at the same time authorization works (from somewhere he knows about the users who were in the database)

Message 27 of 82
Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Hi ELetyagin, have you also got the message concerning the incomplete trust chain and the not associated CRL? And have you also restarted your CMA between the imports of the root-certificate and the host-certificate? I am not sure... Thank you for sharing your experiences with me!
Message 28 of 82
Occasional Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Yes!

Message 29 of 82
Frequent Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

I have the same problem as the rest of the people.

 

I have uploaded a single file containing the root certificate and the intermediate.

The system requested for a reboot and I have rebooted the unit.

 

When the system returned online, I got a message saying "The certificate has an incomplete trust chaing".

 

If I install the root and intermediate certificate in my windows pc, the final certificates turns up fine trusted as it should so I don't think there is a problem with the certs.

 

Also I lost the user database I get the same message @0@, even if I add a user, the new user is not visible.

 

Message 30 of 82