Plantronics + Polycom. Now together as Poly Logo

the certificate cma self-signed certificate will expire February 2019

Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

Instead of trying to find a workaround that works for everyone I have fixed this the right way. I have created a new self-signed certificate that expires in 2029. That was the simple part. Implementation is a bit more problematic.  As of right now it is a manual process. I would have to do a sceen sharing session with anyone having the problem and install the new certificate myself. I don't know how many users are experiencing the problem but I don't have the bandwidth to fix all of the remaining CMA systems that are still in use. Please remember that the CMA is a very old platform and has been End of Life and End of Service for quite some time. 

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 41 of 82
Occasional Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Our company could not wait any longer. We could not import any certificate. And the desktop clients did not work. We reset the local administrator password and replace the certificates in the Apache folder with the ones that we issued (client certificate + key). After the reboot, the interface displayed the old self-signed certificate, but the clients were able to connect.

Message 42 of 82
Occasional Contributor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

we would appreciate if you can elaborate and install the new self-signed certificate in our CMA.

Please inform me if i can proceed and arrange a remote session.

Message 43 of 82
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

The procedure involves replacing the existing server certificate and private key in the Apache certificate store. I would need to set up a screen share session to your PC and from there establish a Remote Desktop connection to the CMA. The CMA will need to be rebooted at the end of the procedure.

 

**IMPORTANT**

THIS IS NOT A POLYCOM APPROVED PROCEDURE. YOU ASSUME FULL RESPONSIBLILITY FOR ANY DAMAGE CAUSED TO YOUR SYSTEM. HAVE A FULL BACKUP PRIOR TO BEGINING. THIS PROCEDURE HAS BEEN TESTED ON CMA VERSION 6.2.7 ONLY.

 

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 44 of 82
Visitor

Re: the certificate cma self-signed certificate will expire February 2019

+1 on another organization with this issue. We never implemented anything other than the default self-signed cert on the CMA. I've been trying to install our wildcard cert from our cert issuer. Even installing the root, intermediary and the host cert, still gives me a trust chain issue. I'm in the process of updating from 6.23 to 6.27 with the hopes that my current version is having an issue with a wildcard cert

Message 45 of 82
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

The problem is the wildcard cert. None of our infrastructure products support them.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 46 of 82
Occasional Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hi Mike,

 

Our CMA is experiencing this issue and we would really appreciate your assistance with installing the new certificate you have created. If you are available today or tomorrow that would be great! Please let me know what we would need to do to start the setup.

 

Thank you

Message 47 of 82
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

Seth,

 

Email me at mbromley@plantronics.com

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 48 of 82
Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Thank you for that little tidbit of information (from keeping me from pulling out any more hair).

I don't suppose I can take you up on your offer to re-create the self signed cert on our CMA? 

Just as an FYI, we never requested access to the underlying Windows Server OS running on the CMA, so we don't have any login credentials; I'm guessing that technical support does?

Message 49 of 82
Occasional Visitor

Re: the certificate cma self-signed certificate will expire February 2019

You can reset local administrator account password by third party tools. For your own risk. This helped us replace certificates directly in the apache folder.

Message 50 of 82