Good morning... Our SSL certificates are beginning to expire and with the renewal process, we're also upgrading to the SHA-2 standard. Unbeknownst to me, CUCM doesn't (natively?) support SHA-2 and I unfortunately generated CSR's already, which of course has broken the certificate chain giving me a nice red bar in my browser when connecting to the web interfaces for management.
I don't doubt that I'm simply missing something, but as it stands, I can only get CUCM to upload root and intermediate certificates that are using SHA-1. The individual cert signed by the CA is using SHA-2 and obviously will not upload because I can't get the root and intermediate certs using SHA-2 into the trust-store.
Is there a workaround for this? A patch maybe? Or, do I have to revoke the new SHA-2 cert and renew using SHA-1?