AnsweredAssumed Answered

Possible to use SHA-2 certificates

Question asked by xc3ss1v30n3 on Jan 7, 2016
Latest reply on Jan 8, 2016 by manisjos

Good morning... Our SSL certificates are beginning to expire and with the renewal process, we're also upgrading to the SHA-2 standard. Unbeknownst to me, CUCM doesn't (natively?) support SHA-2 and I unfortunately generated CSR's already, which of course has broken the certificate chain giving me a nice red bar in my browser when connecting to the web interfaces for management.

 

I don't doubt that I'm simply missing something, but as it stands, I can only get CUCM to upload root and intermediate certificates that are using SHA-1. The individual cert signed by the CA is using SHA-2 and obviously will not upload because I can't get the root and intermediate certs using SHA-2 into the trust-store.

 

Is there a workaround for this? A patch maybe? Or, do I have to revoke the new SHA-2 cert and renew using SHA-1?

 

Thank you.

Outcomes