As part of the 10.X Cisco Collaboration Systems Release, Enterprise License Manager (ELM) has been changed to Prime License Manager (PLM) and the system operates a little bit differently than ELM did. There are a few differences including how you install 3rd party signed certificates on the box. I will discuss some operating differences and how to handle getting 3rd party certificates on the PLM.
ELM/PLM is the licensing component included with several of the Cisco collaboration products. I prefer to have my ELM/PLM server be a standalone virtual machine (VM) vs. using a co-resident one with another collaboration application (both are supported by Cisco TAC). The system requirements for a standalone system are small and by having a stand alone VM, you can deal with ELM/PLM issues without impacting other application functions like CUCM or CUC.
In 9.X, ELM used to be in the CUCM/CUC install ISO which is now approaching 5 GB in size as of the latest 10.5(2) release. PLM operates similarly to ELM but it is now a standalone ISO and is less than a 1 GB in size. Since much of the CUCM/CUC stuff is stripped out, you don’t have GUI methods to deal with certificates.
Installing 3rd party certificates is not specifically documented for PLM currently (at least I couldn’t find it on CCO or Google). There is a CLI command reference guide and that was what I needed along with some assistance from TAC to piece together the procedure. Even TAC was initially unclear how to do this. I figured I would save you some time and outline the procedure here. You will need SSH access to the PLM CLI. Also, make sure you certificates are in Base64 format:
# Generate the CSR set csr gen tomcat # Retrieve the CSR & provide to your CA administrator show csr own tomcat/tomcat.csr # Upload root & any intermediate certs for the CA to PLM set cert import trust tomcat # View trust certs show cert list trust # Upload the signed tomcat cert to PLM set cert import own tomcat tomcat-trust/<CAName from show>
After all of this you will need to cycle the Cisco Tomcat service, however, in version 10.5(2) there is no way to restart just the Cisco Tomcat service from the CLI, so you will need to restart your PLM VM:
utils system restart
Hopefully after all of this, you can have a 3rd party signed certificate on your PLM so you do not get the annoying certificate warnings when you connect to the administration GUI.
Disclosure: I am a member of the Cisco Champions Program. Cisco Champions are passionate about Cisco and enjoy sharing our knowledge, expertise, and thoughts across the social web and with Cisco. I am not a representative of Cisco. My views as a Cisco Champion are my own.