Plantronics + Polycom. Now together as Poly Logo

the certificate cma self-signed certificate will expire February 2019

Frequent Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

So if i unistall CMAD with Revo uninstaller(to clear registry),and re-install it,should it work?

 

Have you test this?

 

Best Regards,

Message 61 of 81
Occasional Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hi everyone,

 

We upgraded years ago from CMA Desktop to RealPresence Desktop and are having no issues since our Cert was updated by Mike. The RealPresence Desktop is pulling the licsense from the CMA. 

 

I hope this helps anyone with issues using CMADesktop

Message 62 of 81
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

I tested the Revo Uninstaller and it did not resolve the issue.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 63 of 81
Occasional Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Mike, 

 

I replacing the cert something that you have to do or can you email users instructions on how to do it to save you time. 

 

Aaron Knighten

VIcom Network/NOC Manager

MSCE: 2012 Server Infrastructure

MCSE: Cloud Platform and Infrastructure

Message 64 of 81
Polycom Employee

Re: the certificate cma self-signed certificate will expire February 2019

It's normally something I have to do because I don't have the authority to give out the CMA server RDP credentials.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 65 of 81
Frequent Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Hello, I wanted to share one interesting fact. Versions CMAD 5.0.0 and 5.0.1 work with the expired certificate without changing the time and everything else.

 

Sorry for my English.

Message 66 of 81
Frequent Advisor

Re: the certificate cma self-signed certificate will expire February 2019

Hello Dima,

 

Version 5.0.x is working on my infractructure too,but i have imported the new cert.

 

I think upgrading to RP desktop with no additional cost is the best solution for this.

 

Best Regards,

 

Message 67 of 81
Visitor

Re: the certificate cma self-signed certificate will expire February 2019

Hi Sotiris,

do you know what must be done for the upgrade to RP-desktop?
Is it only to use the RP-client or must be also changed something on the CMA?
Thank you for your help!

Best regards,
Markus

Message 68 of 81
Frequent Visitor

Re: the certificate cma self-signed certificate will expire February 2019

sotiris

please tell Me how you created newcert (if we are talking about cdma self-signed certificate) and how you imported it into the system.

Message 69 of 81
Member

Re: the certificate cma self-signed certificate will expire February 2019

We use "CMA Self-Signed Certificate".
The CMA server version 6.2.7.
To regenerate the certificate you need:
- Access to CMA-server via RDP-terminal (If there is no RDP access - any bootable media that allows you to watch and write files to the system.);
- openssl programm.

Install openssl on your computer.
Connect to the CMA4000 server (xxx xxx. Xx.123) using the terminal (RDP).
Go to drive "E:\Apache2\conf\".
Take the file server.key from the folder - download via FTP to your computer.

On your computer run "openssl s_client -connect xxx xxx.xxx.123:443>1.txt" and press Ctrl + C - it does not interrupt itself ...
In the received file "1.txt" we see all the information about the certificate.

The most important line:
---
Certificate chain
  0 s: C = US, ST = California, L = Pleasanton, O = Polycom, OU = VSG, CN = CMA Self-Signed Certificate, emailAddress = support@polycom.com
---
Here are who, what, where, to whom ...
This is necessary for the subsequent generation of a new certificate.

Go to the directory where it is server.key and run "openssl req -sha1 -new -x509 -days 5000 -key server.key -out server.crt"
and fill in accordance with the obtained values (C = US, ST = California, L = Pleasanton, O = Polycom, OU = VSG, CN = CMA Self-Signed Certificate, emailAddress = support@polycom.com)

(example):
....
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Pleasanton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Polycom
Organizational Unit Name (eg, section) []:VSG
Common Name (e.g. server FQDN or YOUR name) []:CMA Self-Signed Certificate
Email Address []:support@polycom.com
....

a new "server.crt" file will be created.

Using a web browser, connect to the CMA server and go to "Admin> Management and Security> Certificate Management".

Run the "Create Certificate Signing Request" and we fill strictly with values as filled out above.
Press Ok and save the csr file (for example CRQ7403515560785966695.csr) to us in the same folder where we make the certificate.
Run "openssl.exe x509 -req -in CRQ7403515560785966695.csr -CA server.crt -CAkey server.key -CAcreateserial -out cma.crt -days 5000".
At the output we get the file "cma.crt".

On CMA server run the "Install Certificate" and load "server.crt" at the beginning and then "cma.crt".

The system must upload certificates. True, they will not be valid and little red...
Connect to the CMA4000 server (xxx xxx. Xx.123) using the terminal (RDP).
Go to drive "E:\Apache2\conf\".
Back up the entire directory!!!
Use ftp-client (or something else) we put in this folder a new "server.crt" file.
Via the RDP terminal we reboot the server.
Using a web browser connect to the CMA server and go to "Admin> Management and Security> Certificate Management".
Certificates as were red, and remained.... Well, okay!
Run "Revert to default Certificate".
A valid certificate will appear with a new expiration date!
Delete the remaining "bad certificate" and reboot the server.
Launch the "Polycom RealPresence Desktop" client and connect to the server.
On the warning about the self-signed certificate - we say "trust".
Everything is working!


Additionally I did "CMA is not presenting the full certificate chain to the clients."
but I think it is not necessary ...

Probably there is a better way - but my server is working and this is the most important thing!


Sorry for my English...

Message 70 of 81