Hi everyone,

We upgraded years ago from CMA Desktop to RealPresence Desktop and are having no issues since our Cert was updated by Mike. The RealPresence Desktop is pulling the licsense from the CMA. 

I hope this helps anyone with issues using CMADesktop

I tested the Revo Uninstaller and it did not resolve the issue.

Mike, 

I replacing the cert something that you have to do or can you email users instructions on how to do it to save you time. 

Aaron Knighten

VIcom Network/NOC Manager

MSCE: 2012 Server Infrastructure

MCSE: Cloud Platform and Infrastructure

It's normally something I have to do because I don't have the authority to give out the CMA server RDP credentials.

Hello, I wanted to share one interesting fact. Versions CMAD 5.0.0 and 5.0.1 work with the expired certificate without changing the time and everything else.

Sorry for my English.

Hello Dima,

Version 5.0.x is working on my infractructure too,but i have imported the new cert.

I think upgrading to RP desktop with no additional cost is the best solution for this.

Best Regards,

Hi Sotiris,

do you know what must be done for the upgrade to RP-desktop?
Is it only to use the RP-client or must be also changed something on the CMA?
Thank you for your help!

Best regards,
Markus

sotiris

please tell Me how you created newcert (if we are talking about cdma self-signed certificate) and how you imported it into the system.

We use "CMA Self-Signed Certificate".
The CMA server version 6.2.7.
To regenerate the certificate you need:
- Access to CMA-server via RDP-terminal (If there is no RDP access - any bootable media that allows you to watch and write files to the system.);
- openssl programm.

Install openssl on your computer.
Connect to the CMA4000 server (xxx xxx. Xx.123) using the terminal (RDP).
Go to drive "E:\Apache2\conf\".
Take the file server.key from the folder - download via FTP to your computer.

On your computer run "openssl s_client -connect xxx xxx.xxx.123:443>1.txt" and press Ctrl + C - it does not interrupt itself ...
In the received file "1.txt" we see all the information about the certificate.

The most important line:
---
Certificate chain
  0 s: C = US, ST = California, L = Pleasanton, O = Polycom, OU = VSG, CN = CMA Self-Signed Certificate, emailAddress = support@polycom.com
---
Here are who, what, where, to whom ...
This is necessary for the subsequent generation of a new certificate.

Go to the directory where it is server.key and run "openssl req -sha1 -new -x509 -days 5000 -key server.key -out server.crt"
and fill in accordance with the obtained values (C = US, ST = California, L = Pleasanton, O = Polycom, OU = VSG, CN = CMA Self-Signed Certificate, emailAddress = support@polycom.com)

(example):
....
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Pleasanton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Polycom
Organizational Unit Name (eg, section) []:VSG
Common Name (e.g. server FQDN or YOUR name) []:CMA Self-Signed Certificate
Email Address []:support@polycom.com
....

a new "server.crt" file will be created.

Using a web browser, connect to the CMA server and go to "Admin> Management and Security> Certificate Management".

Run the "Create Certificate Signing Request" and we fill strictly with values as filled out above.
Press Ok and save the csr file (for example CRQ7403515560785966695.csr) to us in the same folder where we make the certificate.
Run "openssl.exe x509 -req -in CRQ7403515560785966695.csr -CA server.crt -CAkey server.key -CAcreateserial -out cma.crt -days 5000".
At the output we get the file "cma.crt".

On CMA server run the "Install Certificate" and load "server.crt" at the beginning and then "cma.crt".

The system must upload certificates. True, they will not be valid and little red...
Connect to the CMA4000 server (xxx xxx. Xx.123) using the terminal (RDP).
Go to drive "E:\Apache2\conf\".
Back up the entire directory!!!
Use ftp-client (or something else) we put in this folder a new "server.crt" file.
Via the RDP terminal we reboot the server.
Using a web browser connect to the CMA server and go to "Admin> Management and Security> Certificate Management".
Certificates as were red, and remained.... Well, okay!
Run "Revert to default Certificate".
A valid certificate will appear with a new expiration date!
Delete the remaining "bad certificate" and reboot the server.
Launch the "Polycom RealPresence Desktop" client and connect to the server.
On the warning about the self-signed certificate - we say "trust".
Everything is working!

Additionally I did "CMA is not presenting the full certificate chain to the clients."
but I think it is not necessary ...

Probably there is a better way - but my server is working and this is the most important thing!

Sorry for my English...