CUCM certificates

Started by Dieselboy, June 10, 2016, 04:26:42 AM

Previous topic - Next topic

Dieselboy

Has anyone managed to export private keys from CUCM? They are locked down but I've read somewhere it's possible with a bit of work.

I would like to export the private key for XMPP and keep it locked away but this would allow me to optimise some stuff with the Riverbed as XMPP is encrypted and so passes thru.

Dieselboy

CUCM DRS backs up all certs.. I wonder if I can grab it from there.
:zomgwtfbbq:

deanwebb

Keep in mind that private keys *should* be hard to extract... if they're done properly.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Yes I'm expecting it's not possible... But will have a look anyway.

I understand the security reasons for keeping this secure, but it's preventing me doing some things which will benefit the business operation. :/

I will still keep the keys secure as they are now if I had access to them, but the difference is I would have access to them :)

Dieselboy

I just had a webex with TAC and they gained ROOT access to both nodes. When the meeting ended the putty sessions were left open. I pulled off one of the ".keystore" where the private key should be and none of the passwords I could logically think of worked to gain access to it, so I've given up and logged out :)

-- Where there's a Will, there's a way. Unfortunately, I don't know anyone named Will.
::)