Instead of trying to find a workaround that works for everyone I have fixed this the right way. I have created a new self-signed certificate that expires in 2029. That was the simple part. Implementation is a bit more problematic. As of right now it is a manual process. I would have to do a sceen sharing session with anyone having the problem and install the new certificate myself. I don't know how many users are experiencing the problem but I don't have the bandwidth to fix all of the remaining CMA systems that are still in use. Please remember that the CMA is a very old platform and has been End of Life and End of Service for quite some time.
Our company could not wait any longer. We could not import any certificate. And the desktop clients did not work. We reset the local administrator password and replace the certificates in the Apache folder with the ones that we issued (client certificate + key). After the reboot, the interface displayed the old self-signed certificate, but the clients were able to connect.
we would appreciate if you can elaborate and install the new self-signed certificate in our CMA.
Please inform me if i can proceed and arrange a remote session.
The procedure involves replacing the existing server certificate and private key in the Apache certificate store. I would need to set up a screen share session to your PC and from there establish a Remote Desktop connection to the CMA. The CMA will need to be rebooted at the end of the procedure.
THIS IS NOT A POLYCOM APPROVED PROCEDURE. YOU ASSUME FULL RESPONSIBLILITY FOR ANY DAMAGE CAUSED TO YOUR SYSTEM. HAVE A FULL BACKUP PRIOR TO BEGINING. THIS PROCEDURE HAS BEEN TESTED ON CMA VERSION 6.2.7 ONLY.
+1 on another organization with this issue. We never implemented anything other than the default self-signed cert on the CMA. I've been trying to install our wildcard cert from our cert issuer. Even installing the root, intermediary and the host cert, still gives me a trust chain issue. I'm in the process of updating from 6.23 to 6.27 with the hopes that my current version is having an issue with a wildcard cert
The problem is the wildcard cert. None of our infrastructure products support them.
Our CMA is experiencing this issue and we would really appreciate your assistance with installing the new certificate you have created. If you are available today or tomorrow that would be great! Please let me know what we would need to do to start the setup.
Email me at firstname.lastname@example.org
Thank you for that little tidbit of information (from keeping me from pulling out any more hair).
I don't suppose I can take you up on your offer to re-create the self signed cert on our CMA?
Just as an FYI, we never requested access to the underlying Windows Server OS running on the CMA, so we don't have any login credentials; I'm guessing that technical support does?
You can reset local administrator account password by third party tools. For your own risk. This helped us replace certificates directly in the apache folder.