Logo

Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

the certificate cma self-signed certificate will expire February 2019

MikeB
Polycom Employee
Polycom Employee
‎02-13-2019 07:53 AM
‎02-13-2019 07:53 AM

Re: the certificate cma self-signed certificate will expire February 2019

Instead of trying to find a workaround that works for everyone I have fixed this the right way. I have created a new self-signed certificate that expires in 2029. That was the simple part. Implementation is a bit more problematic.  As of right now it is a manual process. I would have to do a sceen sharing session with anyone having the problem and install the new certificate myself. I don't know how many users are experiencing the problem but I don't have the bandwidth to fix all of the remaining CMA systems that are still in use. Please remember that the CMA is a very old platform and has been End of Life and End of Service for quite some time. 

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 41 of 82
Reply
Xeonkeeper
Occasional Visitor
‎02-13-2019 09:39 AM
‎02-13-2019 09:39 AM

Re: the certificate cma self-signed certificate will expire February 2019

Our company could not wait any longer. We could not import any certificate. And the desktop clients did not work. We reset the local administrator password and replace the certificates in the Apache folder with the ones that we issued (client certificate + key). After the reboot, the interface displayed the old self-signed certificate, but the clients were able to connect.

Message 42 of 82
0 Kudos
Reply
markas
Occasional Contributor
‎02-13-2019 09:55 AM
‎02-13-2019 09:55 AM

Re: the certificate cma self-signed certificate will expire February 2019

Hello Mike,

 

we would appreciate if you can elaborate and install the new self-signed certificate in our CMA.

Please inform me if i can proceed and arrange a remote session.

Message 43 of 82
0 Kudos
Reply
MikeB
Polycom Employee
Polycom Employee
‎02-13-2019 10:06 AM
‎02-13-2019 10:06 AM

Re: the certificate cma self-signed certificate will expire February 2019

The procedure involves replacing the existing server certificate and private key in the Apache certificate store. I would need to set up a screen share session to your PC and from there establish a Remote Desktop connection to the CMA. The CMA will need to be rebooted at the end of the procedure.

 

**IMPORTANT**

THIS IS NOT A POLYCOM APPROVED PROCEDURE. YOU ASSUME FULL RESPONSIBLILITY FOR ANY DAMAGE CAUSED TO YOUR SYSTEM. HAVE A FULL BACKUP PRIOR TO BEGINING. THIS PROCEDURE HAS BEEN TESTED ON CMA VERSION 6.2.7 ONLY.

 

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 44 of 82
Reply
Bruschetta
Visitor
‎02-13-2019 10:52 AM
‎02-13-2019 10:52 AM

Re: the certificate cma self-signed certificate will expire February 2019

+1 on another organization with this issue. We never implemented anything other than the default self-signed cert on the CMA. I've been trying to install our wildcard cert from our cert issuer. Even installing the root, intermediary and the host cert, still gives me a trust chain issue. I'm in the process of updating from 6.23 to 6.27 with the hopes that my current version is having an issue with a wildcard cert

Message 45 of 82
0 Kudos
Reply
MikeB
Polycom Employee
Polycom Employee
‎02-13-2019 10:54 AM
‎02-13-2019 10:54 AM

Re: the certificate cma self-signed certificate will expire February 2019

The problem is the wildcard cert. None of our infrastructure products support them.

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 46 of 82
Reply
Seth Kennedy
Occasional Advisor
‎02-13-2019 11:39 AM
‎02-13-2019 11:39 AM

Re: the certificate cma self-signed certificate will expire February 2019

Hi Mike,

 

Our CMA is experiencing this issue and we would really appreciate your assistance with installing the new certificate you have created. If you are available today or tomorrow that would be great! Please let me know what we would need to do to start the setup.

 

Thank you

Message 47 of 82
0 Kudos
Reply
MikeB
Polycom Employee
Polycom Employee
‎02-13-2019 12:15 PM
‎02-13-2019 12:15 PM

Re: the certificate cma self-signed certificate will expire February 2019

Seth,

 

Email me at mbromley@plantronics.com

 

 

 

Michael K. Bromley, CVE, CCENT, WCNA, VCA-DCV
Technical Lead
Infrastructure Technical Support Center
Message 48 of 82
0 Kudos
Reply
Bruschetta
Visitor
‎02-13-2019 12:37 PM
‎02-13-2019 12:37 PM

Re: the certificate cma self-signed certificate will expire February 2019

Thank you for that little tidbit of information (from keeping me from pulling out any more hair).

I don't suppose I can take you up on your offer to re-create the self signed cert on our CMA? 

Just as an FYI, we never requested access to the underlying Windows Server OS running on the CMA, so we don't have any login credentials; I'm guessing that technical support does?

Message 49 of 82
0 Kudos
Reply
Xeonkeeper
Occasional Visitor
‎02-13-2019 12:47 PM
‎02-13-2019 12:47 PM

Re: the certificate cma self-signed certificate will expire February 2019

You can reset local administrator account password by third party tools. For your own risk. This helped us replace certificates directly in the apache folder.

Message 50 of 82
Reply